Hi Jeff,

On 2/10/19 1:00 AM, Jeff Hedley via Unbound-users wrote:
> Hello all,
>
> Is tfo (TCP Fast Open) supposed to work with forward-zone, tls-upstream
> servers? I see that tfo works when unbound attempts recursive (tcp)
> queries itself, but when it uses a forward-addr for the query, tfo is
> not attempted.
>
> I'm running unbound 1.9.0 configured with --enable-tfo-client and
> -server. I confirmed the same behavior in version 1.8.3 as well.

Unbound performs fastopen for TCP. For TLS it tries to set things up,
and on MacOS this means it performs connectx and you (probably) have TFO.
For Linux, the first write needs MSG_FASTOPEN, but this write is
performed by lib openssl for TLS. For TCP unbound does it. It looks
like openssl does not have a function to make it perform TFO on Linux.

Best regards, Wouter

>
> Has anyone else successfully used tfo with a forward-addr tls upstream
> server?
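Added example, not Unbound's code and not part of this thread: on Linux the fast-open request rides on the first write, made with `sendto(..., MSG_FASTOPEN)` in place of `connect()`, which is why a first write issued by a TLS library without that flag takes the ordinary handshake. The helper names, the loopback listener and the payload are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef MSG_FASTOPEN
#define MSG_FASTOPEN 0x20000000 /* Linux value, for older libc headers */
#endif

/* Connect and send the first bytes in one call. Once the kernel holds a TFO
 * cookie for dst it can carry buf in the SYN; before that it handshakes first
 * and then sends. *tfo_call_ok reports whether the fast-open call was accepted. */
ssize_t first_write_tfo(int fd, const struct sockaddr_in *dst,
                        const void *buf, size_t len, int *tfo_call_ok)
{
    ssize_t n = sendto(fd, buf, len, MSG_FASTOPEN | MSG_NOSIGNAL,
                       (const struct sockaddr *)dst, sizeof(*dst));
    *tfo_call_ok = (n >= 0);
    if (n >= 0)
        return n;
    /* Fast open refused (e.g. client bit of net.ipv4.tcp_fastopen is off):
     * plain connect() then write, the sequence used when MSG_FASTOPEN is absent. */
    if (connect(fd, (const struct sockaddr *)dst, sizeof(*dst)) < 0)
        return -1;
    return send(fd, buf, len, MSG_NOSIGNAL);
}

/* Loopback self-check with a constructed payload (hypothetical helper).
 * Returns the number of bytes the accepting side read, or -1 on any failure. */
int tfo_loopback_demo(int *tfo_call_ok)
{
    const char payload[] = "constructed-first-flight";
    char got[64];
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    int qlen = 5, as = -1, ls = socket(AF_INET, SOCK_STREAM, 0);
    int cs = socket(AF_INET, SOCK_STREAM, 0);
    ssize_t n = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (ls >= 0 && cs >= 0 && bind(ls, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(ls, 5) == 0 && getsockname(ls, (struct sockaddr *)&a, &alen) == 0) {
        setsockopt(ls, IPPROTO_TCP, TCP_FASTOPEN, &qlen, sizeof(qlen)); /* best effort */
        if (first_write_tfo(cs, &a, payload, sizeof(payload), tfo_call_ok) >= 0 &&
            (as = accept(ls, NULL, NULL)) >= 0)
            n = recv(as, got, sizeof(got), 0);
    }
    close(as); close(cs); close(ls);              /* close(-1) is a harmless EBADF */
    return (n == (ssize_t)sizeof(payload) && !memcmp(got, payload, n)) ? (int)n : -1;
}
```

Whether data actually travelled in a SYN can be checked on Linux with the `TCPFastOpenActive` counter in `/proc/net/netstat`; the first connection to a server only requests the cookie.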