On Wed, Jan 20, 2016 at 06:01:00PM +0000, Nounou Dadoun wrote:
> But if the TFO data payload is in the first SYN how can it be encrypted
> (etc) even before the TCP handshake is complete (let alone the SSL
> handshake) unless the calls are unbundled and serialized somehow.

The TCP first-flight data will be the TLS ClientHello message. This
saves one round-trip on repeat visits:

    C: SYN + TFO-COOKIE + TLS ClientHello
    S: SYN-ACK
    S: ACK + TLS Server Hello ...
    ...
--
Viktor.
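
Added example (not part of the message above and not OpenSSL code): a Linux loopback sketch of the client side of that exchange, where sendto() with MSG_FASTOPEN replaces connect() so the first-flight bytes can travel with the SYN once a cookie is cached, and falls back to an ordinary handshake otherwise. The function name tfo_first_flight_demo and the first_flight bytes are hypothetical, constructed stand-ins for a real ClientHello.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef MSG_FASTOPEN
#define MSG_FASTOPEN 0x20000000 /* Linux value, for older libc headers */
#endif

/* Constructed stand-in for a ClientHello (TLS record header plus a
 * 5-byte handshake stub); a real client sends its library's hello. */
static const unsigned char first_flight[] = {
    0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00 };

/* Loopback demo; returns bytes the server read from the first flight. */
long tfo_first_flight_demo(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    struct sockaddr *sa = (struct sockaddr *)&a;
    socklen_t alen = sizeof a;
    const ssize_t len = sizeof first_flight;
    unsigned char buf[64];
    int qlen = 16, as = -1;
    long n = -1;
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    int cs = socket(AF_INET, SOCK_STREAM, 0);

    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks */
    if (ls < 0 || cs < 0 || bind(ls, sa, sizeof a) < 0 ||
        getsockname(ls, sa, &alen) < 0 || listen(ls, 16) < 0)
        goto out;
    /* Server opt-in (also needs the server bit in net.ipv4.tcp_fastopen);
     * failure is ignored because plain TCP still works. */
    (void)setsockopt(ls, IPPROTO_TCP, TCP_FASTOPEN, &qlen, sizeof qlen);

    /* Client: no connect(). With a cached cookie the data rides in the
     * SYN; without one the kernel does a normal handshake, then sends. */
    if (sendto(cs, first_flight, len, MSG_FASTOPEN, sa, sizeof a) != len) {
        /* TFO unavailable: classic connect() followed by send(). */
        if (connect(cs, sa, sizeof a) < 0 && errno != EISCONN)
            goto out;
        if (send(cs, first_flight, len, 0) != len)
            goto out;
    }
    if ((as = accept(ls, NULL, NULL)) >= 0)
        n = recv(as, buf, sizeof buf, 0);
out:
    close(as); close(cs); close(ls);
    return n;
}
```

The server receives the same bytes whether or not the SYN carried them, which is why the TLS layer needs no changes; only the round-trip count differs.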