> This demonstrates a very common misconception about TCP. I know that some > implementation choke if the TLS ClientHello spans multiple TCP segments such > that it requires multiple reads. David Benjamin has written about this > several times. It's rare though and a bad basis to make decisions on.
TCP fast open data cannot span multiple TCP segments. -----Original Message----- From: Martin Thomson <[email protected]> Sent: Tuesday, August 13, 2024 8:37 AM To: [email protected] Subject: [TLS]Re: Meta deploying -hybrid-design On Mon, Aug 12, 2024, at 17:49, Deirdre Connolly wrote: >> In the future, an increase in MTU, or utilizing QUIC, which allows for >> multiple initial packets, may allow for larger ClientHellos without an >> additional round trip. This demonstrates a very common misconception about TCP. I know that some implementation choke if the TLS ClientHello spans multiple TCP segments such that it requires multiple reads. David Benjamin has written about this several times. It's rare though and a bad basis to make decisions on. >> To address this, we had the client split each service into different TLS >> session scopes – one using classical key exchange, and one using hybrid key >> exchange. Each session scope thus uses only one named group each, avoiding >> the keyshare thrashing behavior described above. The tradeoff is space >> consumption due to having to store more session tickets, but this has been >> acceptable given the small size of each session ticket (a few hundred bytes). This smells proprietary. _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected] _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
