FYI GnuTLS 3.6.3 has been released today with TLS1.3 support (latest draft).
So if you rebuild/link wget or wget2 with the new GnuTLS version, you can enable TLS1.3 via --ciphers="NORMAL:+VERS-TLS1.3" (wget) resp. --gnutls-options="NORMAL:+VERS-TLS1.3" (wget2). Wget2 seems to get a 0RTT with --tls-resume on www.google.com. I have a ping of 11.5ms and regarding the debug output of wget2, it takes 13ms to load all 133 certificates from the local store (to load all certs is flaw in GnuTLS that I brought up there some years ago, but no solution yet). $time src/wget2_noinstall -d --gnutls-options="NORMAL:+VERS-TLS1.3" --tls-resume https://www.google.com ... real 0m0,027s That is 14ms left for creating the connection, sending the request and getting the response on a 11.5ms RTT. The 2.5ms are overhead due to initializing wget2, printing all the debug messages and saving the file. Oh, I forgot to say, TCP Fast Open is enabled by default and it is for a 'warm' connection. Happy testing. Regards, Tim
signature.asc
Description: OpenPGP digital signature
