1.1 NPN advertisement to enable TLS False Start

bugzilla Fri, 17 Jan 2014 11:17:59 -0800

https://issues.apache.org/bugzilla/show_bug.cgi?id=56028


            Bug ID: 56028
           Summary: Add http/1.0, http/1.1 NPN advertisement to enable TLS
                    False Start
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]

TLS False Start [1] helps eliminate full RTT from the TLS handshake. All the
modern browsers support it, but Chrome / FF run an NPN and forward secrecy
check before enabling it [2,3].

Apache landed NPN in 552210 [4], but it does not advertise either "http/1.0" or
"http/1.1" by default, which means that False Start can't be used. mod_spdy
patches this in by default [5], but obviously it would be nice to not require
mod_spdy to enable False Start! Finally, for an example of False Start in
action (albeit on nginx), see:
http://www.igvita.com/2013/12/16/optimizing-nginx-tls-time-to-first-byte/

Long story short: Apache should advertise ["http/1.0", "http/1.1"] on all TLS
connections.

[1] http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00
[2] https://www.imperialviolet.org/2012/04/11/falsestart.html
[3]
http://src.chromium.org/viewvc/chrome/trunk/src/net/third_party/nss/ssl/sslsecur.c?revision=235907#l379
[4] https://issues.apache.org/bugzilla/show_bug.cgi?id=52210
[5]
https://code.google.com/p/mod-spdy/source/browse/trunk/src/mod_spdy/mod_spdy.cc#508

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[Bug 56028] New: Add http/1.0, http/1.1 NPN advertisement to enable TLS False Start

Reply via email to