On Mon, Jul 16, 2018 at 6:37 PM, Tim Rühsen <tim.rueh...@gmx.de> wrote: > FYI > > GnuTLS 3.6.3 has been released today with TLS1.3 support (latest draft). > > So if you rebuild/link wget or wget2 with the new GnuTLS version, you > can enable TLS1.3 via --ciphers="NORMAL:+VERS-TLS1.3" (wget) resp. > --gnutls-options="NORMAL:+VERS-TLS1.3" (wget2). > > Wget2 seems to get a 0RTT with --tls-resume on www.google.com. > I have a ping of 11.5ms and regarding the debug output of wget2, it > takes 13ms to load all 133 certificates from the local store (to load > all certs is flaw in GnuTLS that I brought up there some years ago, but > no solution yet). > > $time src/wget2_noinstall -d --gnutls-options="NORMAL:+VERS-TLS1.3" > --tls-resume https://www.google.com > ... >
Thanks Tim. I'm sending a patch to the mailing list in a few minutes. > real 0m0,027s > > That is 14ms left for creating the connection, sending the request and > getting the response on a 11.5ms RTT. The 2.5ms are overhead due to > initializing wget2, printing all the debug messages and saving the file. > > Oh, I forgot to say, TCP Fast Open is enabled by default and it is for a > 'warm' connection. > > Happy testing. > > Regards, Tim >