> On 27 March 2017 at 17:42, Igor Pav <[email protected]> wrote:
> 
>> 1-RTT should be OK on the server with boringssl, alpn http/1.1 and AEAD
>> ciphers.
>> For the client, I think it lacks an option to activate FalseStart.
> 
> Could we fix this with a future option?
> 
You can add SSL_MODE_ENABLE_FALSE_START (for mode in ssl_sock_prepare_srv_ctx).
I have no time to test this, but it should work with boringssl.
If it’s as simple as that, a patch could be accepted.

>> 
>> For 0-RTT, it is not clear to me,
> I only know it needs TLSv1.3 with the psk mechanism.
>> It also introduces a security hole, as Cloudflare said in this blog
> 
> For a backend ssl client, it should be OK with 0 rtt. In some scenarios,
> with a long-roundtrip backend ssl server, 0 rtt should help a lot.
> 
> ref1: https://blog.cloudflare.com/introducing-0-rtt/
> ref2: https://github.com/nghttp2/nghttp2/pull/846
> 

For backend indeed. I will look at this if nobody does it.

++
Manu

