nusenu via Unbound-users:
> Wouter Wijngaards via Unbound-users:
>> There is also TLS session resumption support, that can be enabled with
>> the tls-session-ticket-keys option. Together with the already existing
>> TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
>> that enables zero RTT stream reconnections to the server.
>
> Since session ticket based TLS resumption is obsoleted
> in TLS 1.3 [1] and 0-RTT (on the TLS layer) has been introduced in TLS 1.3.
>
> Does unbound support TLS 1.3 0-RTT aka "early data"? [2]
> (downstream and upstream?)
>
> [1] https://tools.ietf.org/html/rfc8446#section-2.2
> [2] https://tools.ietf.org/html/rfc8446#section-2.3

this appears to fit well here:
(an early I-D) https://datatracker.ietf.org/doc/draft-ghedini-dprive-early-data/

> Using Early Data in DNS over TLS
> draft-ghedini-dprive-early-data-00
>
> Abstract
>
> This document illustrates the risks of using TLS 1.3 early data with
> DNS over TLS, and specifies behaviors that can be adopted by clients
> and servers to reduce those risks.

--
https://twitter.com/nusenu_
https://mastodon.social/@nusenu
