On 07/05/2018 06:25 PM, nusenu via Unbound-users wrote:
Eric Luehrsen via Unbound-users:
If Unbound cache and prefetch parameters are configured properly,
they can mitigate the TLS handshake overhead.
Unless you have a cache hit rate of 100%, cacheing and prefetching
will not be able to compensate missing TLS connection reuse.
(but that was not what my question was about)
Okay, the question was time line. I hope Unbound designers answer with
an outline for time and design considerations. Whether a month or a
year, some short term workaround may be useful. All workarounds (adjust
cache and prefetch) are imperfect but may get by short term. At some
reasonable cache rate, TLS connections will likely expire anyway before
fresh data is needed. Neither server nor client will want excessive
dangling connections. The gap in behavior may not be as big as it seems.