[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wget2 | TLS 1.3 (0-RTT) early data on resumed sessions (#678)
|
From: |
@rockdaboot |
|
Subject: |
Re: wget2 | TLS 1.3 (0-RTT) early data on resumed sessions (#678) |
|
Date: |
Tue, 10 Sep 2024 09:26:17 +0000 |
Tim Rühsen commented on a discussion:
https://gitlab.com/gnuwget/wget2/-/issues/678#note_2097855781
Re TFO: TLS is on top of TCP/IP. So even with TLS early data, you need to
connect first, which is already 1RTT. And here comes TFO into play - the TLS
early data needs to be sent within the first TCP/IP packet (SYN) to achieve a
0RTT TLS connection. As you said, this requires a warm up (a prior connection).
The good news is, with GnuTLS we have TFO support since several years (from
before TLS1.3 was available). So possibly, it just works out of the box with
GnuTLS. Wget2 has it disabled by default because users encountered issues with
middle-boxes not supporting TFO. This means, you have to enable TFO for 0RTT
and also, we can't enable the new option by default.
--
Reply to this email directly or view it on GitLab:
https://gitlab.com/gnuwget/wget2/-/issues/678#note_2097855781
You're receiving this email because of your account on gitlab.com.