[gnutls-devel] GnuTLS & TCP Fast Open ?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Jan 14 22:45:53 CET 2015


On Wed, 2015-01-14 at 21:52 +0100, Tim Rühsen wrote:
> Hi,
> 
> does GnuTLS currently support TFO and if yes, how do I tell GnuTLS to use it ?
> And if no, are there any known caveats, especially regarding SSL/TLS in 
> general ?

I've never used TFO, but there shouldn't be any issues with it.
Protocol-wise most probably you want to send the client hello in advance
and that hardly carries sensitive data. Overall this doesn't affect the
security of TLS, as its threat model includes an attacker observing and
injecting packets.

Implementation-wise there is no special API for that, but providing a
push function which will use sendto() (*) on the first message, and
send() otherwise could do the trick. Other than that, the changes on the
server side and the socket calls are independent and don't affect the
usage of the GnuTLS API.

If you do have some working code it would be nice if you send your
changes, or some documentation on that, so we can document it.

*. Providing that the API in http://lwn.net/Articles/508865/ is the
final one 

regards,
Nikos
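
An added sketch of the push function described above; it is not code from the original post or from GnuTLS. `struct tfo_transport` and `tfo_push` are hypothetical names. It assumes Linux, a blocking TCP socket that has not yet been connected, and registration through gnutls_transport_set_ptr() and gnutls_transport_set_push_function().

```c
#include <errno.h>
#include <stddef.h>
#include <sys/socket.h>
#include <sys/types.h>

#ifndef MSG_FASTOPEN
#define MSG_FASTOPEN 0x20000000 /* Linux value, for older libc headers */
#endif

/* Hypothetical per-session transport state; not a GnuTLS type. */
struct tfo_transport {
    int fd;                        /* blocking TCP socket, not yet connect()ed */
    struct sockaddr_storage peer;  /* server address */
    socklen_t peer_len;
    int connected;                 /* set once the first flight has gone out */
};

/* Same shape as gnutls_push_func: (gnutls_transport_ptr_t, const void *, size_t).
 * Returns the number of bytes written, or -1 with errno set. */
ssize_t tfo_push(void *ptr, const void *data, size_t len)
{
    struct tfo_transport *t = ptr;
    ssize_t n;

    if (t->connected)
        return send(t->fd, data, len, MSG_NOSIGNAL);

    /* First message (the ClientHello): connect and send in one call, so the
     * data can ride in the SYN when the kernel holds a TFO cookie. */
    n = sendto(t->fd, data, len, MSG_FASTOPEN | MSG_NOSIGNAL,
               (struct sockaddr *)&t->peer, t->peer_len);
    if (n < 0 && errno == EOPNOTSUPP) {
        /* Client-side TFO disabled (net.ipv4.tcp_fastopen): plain handshake. */
        if (connect(t->fd, (struct sockaddr *)&t->peer, t->peer_len) < 0)
            return -1;
        n = send(t->fd, data, len, MSG_NOSIGNAL);
    } else if (n < 0 && errno == EISCONN) {
        /* Socket was already connected by the caller: use the normal path. */
        n = send(t->fd, data, len, MSG_NOSIGNAL);
    }
    if (n >= 0)
        t->connected = 1;
    return n;
}
```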
