<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This manual is last updated 4 March 2015 for version
3.5.4 of GnuTLS.

Copyright (C) 2001-2015 Free Software Foundation, Inc.
Copyright (C) 2001-2015 Nikos Mavrogiannopoulos

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.  A
copy of the license is included in the section entitled "GNU Free
Documentation License". -->
<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>GnuTLS 3.5.4: Reducing round-trips</title>

<meta name="description" content="GnuTLS 3.5.4: Reducing round-trips">
<meta name="keywords" content="GnuTLS 3.5.4: Reducing round-trips">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Setting-up-the-transport-layer.html#Setting-up-the-transport-layer" rel="up" title="Setting up the transport layer">
<link href="DTLS-sessions.html#DTLS-sessions" rel="next" title="DTLS sessions">
<link href="Asynchronous-operation.html#Asynchronous-operation" rel="prev" title="Asynchronous operation">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
body { 
	margin: 2%;
	padding: 0 5%;
	background: #ffffff;
}
h1,h2,h3,h4,h5 {
    font-weight: bold;
    padding: 5px 5px 5px 5px;
    background-color: #c2e0ff;
    color: #336699;
}
h1 {
    padding: 2em 2em 2em 5%;
    color: white;
    background: #336699;
    text-align: center;
    letter-spacing: 3px;
}
h2 { text-decoration: underline; }
pre {
  margin: 0 5%;
  padding: 0.5em;
}
pre.example,pre.verbatim {
  padding-bottom: 1em;

  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 1px 1px 1px 5px;
  margin: 1em auto;
  width: 90%;
}

div.node {
  margin: 0 -5% 0 -2%;
  padding: 0.5em 0.5em;
  margin-top: 0.5em;
  margin-bottom: 0.5em;
  font-weight: bold;
}
dd, li {
  padding-top: 0.1em;
  padding-bottom: 0.1em;
}
div.float {

  margin-bottom: 0.5em;
  text-align: center;
}

table {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  border-spacing: 7px;
  width: 50%;
}

th {
  padding: 0;
  color: #336699;
  background-color: #c2e0ff;
  border: solid #000000;
  border-width: 0px;
  margin: 1em auto;
  text-align: center;
  margin-left:auto;
  margin-right:auto;
}

td {
  padding: 0;
  border: solid #000000;
  background-color: #f0faff;
  border-width: 0px;
  margin: 1em auto;
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  padding-left: 1em;
}

dl {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  width: 50%;

  padding-left: 1em;
  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 5px 1px 1px 1px;
  margin: 1em auto;
}

-->
</style>


</head>

<body lang="en">
<a name="Reducing-round_002dtrips"></a>
<div class="header">
<p>
Next: <a href="DTLS-sessions.html#DTLS-sessions" accesskey="n" rel="next">DTLS sessions</a>, Previous: <a href="Asynchronous-operation.html#Asynchronous-operation" accesskey="p" rel="prev">Asynchronous operation</a>, Up: <a href="Setting-up-the-transport-layer.html#Setting-up-the-transport-layer" accesskey="u" rel="up">Setting up the transport layer</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Reducing-round_002dtrips-1"></a>
<h4 class="subsection">6.5.2 Reducing round-trips</h4>

<p>The full TLS 1.2 handshake requires 2 round-trips to complete, and when
combined with TCP&rsquo;s SYN and SYN-ACK negotiation it extends to 3 full
round-trips. While the abbreviated (resumed) TLS handshake drops that to 2.5
round-trips, it still adds considerable latency, which limits its applicability
to certain applications.
</p>
<p>On the client side, it is possible to take advantage of the TCP fast open
[<em>RFC7413</em>] mechanism on operating
systems that support it. That can be done either by manually crafting the push and pull
callbacks, or by using <a href="Socket-specific-API.html#gnutls_005ftransport_005fset_005ffastopen">gnutls_transport_set_fastopen</a>. In that
case the initial TCP handshake is eliminated, reducing the TLS handshake to 2 round-trips.
Note that in that case any connection failures will be reported during the
<a href="Core-TLS-API.html#gnutls_005fhandshake">gnutls_handshake</a> function call with error code
<code>GNUTLS_E_PUSH_ERROR</code>.
</p>



<dl>
<dt><a name="index-gnutls_005ftransport_005fset_005ffastopen"></a>Function: <em>void</em> <strong>gnutls_transport_set_fastopen</strong> <em>(gnutls_session_t <var>session</var>, int <var>fd</var>, struct sockaddr * <var>connect_addr</var>, socklen_t <var>connect_addrlen</var>, unsigned int <var>flags</var>)</em></dt>
<dd><p><var>session</var>: is a <code>gnutls_session_t</code>  type.
</p>
<p><var>fd</var>: is the session&rsquo;s socket descriptor
</p>
<p><var>connect_addr</var>: is the address we want to connect to
</p>
<p><var>connect_addrlen</var>: is the length of  <code>connect_addr</code> 
</p>
<p><var>flags</var>: must be zero
</p>
<p>Enables TCP Fast Open (TFO) for the specified TLS client session.
That means that TCP connection establishment and the transmission
of the first TLS client hello packet are combined. The
peer&rsquo;s address must be  specified in  <code>connect_addr</code> and  <code>connect_addrlen</code> ,
and the socket specified by  <code>fd</code> should not be connected.
</p>
<p>TFO only works for TCP sockets of type AF_INET and AF_INET6.
If the OS doesn&rsquo;t support TCP fast open, this function will result
in gnutls using <code>connect()</code> transparently during the first write.
</p>
<p><strong>Note:</strong> This function overrides all the transport callback functions.
If this is undesirable, TCP Fast Open must be implemented on the user
callback functions without calling this function. When using
this function, transport callbacks must not be set, and 
<code>gnutls_transport_set_ptr()</code>  or <code>gnutls_transport_set_int()</code> 
must not be called.
</p>
<p>On GNU/Linux, TFO has to be enabled at the system layer: bit 0 of
<code>/proc/sys/net/ipv4/tcp_fastopen</code> has to be set.
</p>
<p>This function has no effect on server sessions.
</p>
<p><strong>Since:</strong> 3.5.3
</p></dd></dl>
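<p>Because the fallback to <code>connect()</code> is transparent, a deployment that expects the saved round-trip may want to check the GNU/Linux system setting before relying on it. The following is an added example, not code from the GnuTLS manual or sources; the helper names <code>tfo_state_from_text</code> and <code>tfo_state_from_file</code> are hypothetical, and the sysctl is assumed to be a decimal bitmask followed by a newline.
</p>

```c
/* Added example: preflight check for the Linux TFO client switch (bit 0). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define TFO_SYSCTL_PATH "/proc/sys/net/ipv4/tcp_fastopen"
#define TFO_CLIENT_BIT  0x1UL   /* bit 0: the bit the manual requires */

enum tfo_state { TFO_UNKNOWN = -1, TFO_CLIENT_OFF = 0, TFO_CLIENT_ON = 1 };

/* Strictly parse the sysctl text; reject empty, signed or non-numeric input. */
enum tfo_state tfo_state_from_text(const char *text)
{
    char *end = NULL;
    unsigned long mask;

    if (text == NULL || *text < '0' || *text > '9')
        return TFO_UNKNOWN;
    errno = 0;
    mask = strtoul(text, &end, 10);
    if (errno != 0 || (*end != '\0' && *end != '\n'))
        return TFO_UNKNOWN;             /* overflow or trailing junk */
    return (mask & TFO_CLIENT_BIT) ? TFO_CLIENT_ON : TFO_CLIENT_OFF;
}

/* Read the sysctl from path; TFO_UNKNOWN if unreadable (e.g. not Linux). */
enum tfo_state tfo_state_from_file(const char *path)
{
    char buf[32];
    FILE *f = fopen(path, "r");
    enum tfo_state st = TFO_UNKNOWN;

    if (f == NULL)
        return TFO_UNKNOWN;
    if (fgets(buf, sizeof buf, f) != NULL)
        st = tfo_state_from_text(buf);
    fclose(f);
    return st;
}

int main(void)
{
    switch (tfo_state_from_file(TFO_SYSCTL_PATH)) {
    case TFO_CLIENT_ON:  puts("TFO client bit set"); break;
    case TFO_CLIENT_OFF: puts("TFO client bit clear: set bit 0 to use TFO"); break;
    default:             puts("TFO state unknown (sysctl unreadable)"); break;
    }
    return 0;
}
```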

<p>In non-resumed sessions it is possible to further reduce the round-trips to
a single one by taking advantage of the <a href="False-Start.html#False-Start">False Start</a> TLS extension.
This can be enabled by setting the <acronym>GNUTLS_ENABLE_FALSE_START</acronym> flag
on <a href="Core-TLS-API.html#gnutls_005finit">gnutls_init</a>.
</p>



</body>
</html>