wget-dev

Re: wget2 | TLS 1.3 (0-RTT) early data on resumed sessions (#678)


From: @rockdaboot
Subject: Re: wget2 | TLS 1.3 (0-RTT) early data on resumed sessions (#678)
Date: Tue, 10 Sep 2024 09:26:17 +0000



Tim Rühsen commented on a discussion: 
https://gitlab.com/gnuwget/wget2/-/issues/678#note_2097855781


Re TFO: TLS is on top of TCP/IP. So even with TLS early data, you need to 
connect first, which is already 1RTT. And here TFO comes into play - the TLS 
early data needs to be sent within the first TCP/IP packet (SYN) to achieve a 
0RTT TLS connection. As you said, this requires a warm-up (a prior connection).

The good news is, with GnuTLS we have had TFO support for several years (from 
before TLS1.3 was available). So possibly, it just works out of the box with 
GnuTLS. Wget2 has it disabled by default because users encountered issues with 
middle-boxes not supporting TFO. This means you have to enable TFO for 0RTT 
and also, we can't enable the new option by default.

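The client-side pattern behind the TFO requirement described in the message above, as an added example that is not part of the original message and is not Wget2 or GnuTLS code: on Linux, the first flight is handed to the kernel together with the connect via `sendto()` with `MSG_FASTOPEN`, falling back to an ordinary connect when that is refused. The `tfo_demo_*` names, the loopback listener and the payload are constructed for the example; whether the bytes actually travel in the SYN depends on a cached TFO cookie and on the peer and path.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed test peer: a loopback listener on an ephemeral port. */
static int tfo_demo_listen(struct sockaddr_in *addr) {
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    *addr = (struct sockaddr_in){ .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 4) < 0 ||
        getsockname(fd, (struct sockaddr *)addr, &len) < 0) { close(fd); return -1; }
    return fd;
}

/* Try TFO (data handed over with the connect); if refused, fall back to connect() + send(). */
static int tfo_demo_send_first(const struct sockaddr_in *to, const char *buf, size_t n, int *used_tfo) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    *used_tfo = sendto(fd, buf, n, MSG_FASTOPEN | MSG_NOSIGNAL,
                       (const struct sockaddr *)to, sizeof *to) == (ssize_t)n;
    if (*used_tfo) return fd;
    close(fd); /* TFO send refused: start over on a fresh socket, paying the full handshake */
    if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    if (connect(fd, (const struct sockaddr *)to, sizeof *to) == 0 &&
        send(fd, buf, n, MSG_NOSIGNAL) == (ssize_t)n) return fd;
    close(fd);
    return -1;
}

/* Returns the number of bytes the listener received, or -1 on failure. */
static int tfo_demo_roundtrip(const char *msg, int *used_tfo) {
    struct sockaddr_in addr;
    char in[256];
    int got = -1, lfd = tfo_demo_listen(&addr), cfd, sfd;
    if (lfd < 0) return -1;
    if ((cfd = tfo_demo_send_first(&addr, msg, strlen(msg), used_tfo)) >= 0) {
        if ((sfd = accept(lfd, NULL, NULL)) >= 0) { got = (int)recv(sfd, in, sizeof in, 0); close(sfd); }
        close(cfd);
    }
    close(lfd);
    return got;
}

int main(void) {
    int tfo = 0, n = tfo_demo_roundtrip("constructed-first-flight", &tfo);
    return printf("received %d bytes, TFO send path %s\n", n, tfo ? "taken" : "refused") < 0 || n < 0;
}
```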



