undefined | Better HN

0 pointstoast02y ago0 comments

Isn't TCP + TLS, with false start or TLS 1.3 also three round trips?

C: SYN -> S

S: SYN + ACK -> C

C: ACK -> S

C: Client hello -> S (no need for two separate packets, but almost everyone sends the no data ack)

S: Server hello, certificate, server hello done -> C

C: client key exchange, change cipher spec, finished, application data -> S

S: change cipher spec, finished, application data -> C

In theory, you could use tcp fast open to shave a round trip, and you can use TLS 1.3 early data to get to application data on the second round trip where there's a session to resume, if the client sent data is OK to replay.

0 comments

1 comments · 1 top-level

bluejekyll2y ago

Yes I think you’re correct with pre established connections, etc, TLS 1.3, there are definitely efficiencies there.

j / k navigate · click thread line to collapse