eduardsui / tlse

Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library

Support for TCP FAST OPEN #39

Closed kiranns closed 5 years ago

kiranns commented 5 years ago

Previous exchange of this issue (in the context of #38)

===================

For TCP fast open + TLS you should do something like this:

    tls_sni_set(context, "hostname");
    tls_client_connect(context)

    connect(sockfd, ...)
    // do your TCP-related stuff here
    tls_get_write_buffer(context, ...);

TCP FAST Open is not like any of the other options in TCP. Here, we have to send the first message of the TLS exchange (the 'Client Hello' message) along with the SYN of the TCP connection, i.e. even before the "connect(sockfd)" call. Hence it needs specific changes at the TLS level.

From https://lwn.net/Articles/508865/, we need something along these lines:

    sfd = socket(AF_INET, SOCK_STREAM, 0);

    sendto(sfd, data, data_len, MSG_FASTOPEN,
           (struct sockaddr *) &server_addr, addr_len);
    // Replaces connect() + send()/write()

It would be nice if you can help with addressing this issue.

eduardsui commented 5 years ago

tls_client_connect builds the TLS client hello. It doesn’t perform any socket I/O (or tcp-layer connect). It just builds the client hello. Then you may call socket and sendto for the pending tls buffer. I really don’t see any problem.
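The flow described in this thread, as an added example that is not TLSe code and was not posted by either participant: the pending ClientHello bytes are handed to `sendto()` with `MSG_FASTOPEN`, and the outcomes a caller has to handle (partial send, Fast Open disabled, no cookie on a non-blocking socket) are made explicit. The helper names `tfo_classify` and `tfo_send_client_hello` are hypothetical; Linux is assumed, and the fallback and resume paths assume a blocking socket.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>

#ifndef MSG_FASTOPEN
#define MSG_FASTOPEN 0x20000000 /* Linux value, for libc headers that lack it */
#endif

enum tfo_step { TFO_DONE, TFO_SEND_REST, TFO_FALLBACK, TFO_WAIT, TFO_FAIL };

/* Classify the result of sendto(..., MSG_FASTOPEN, ...): rc is its return
 * value, err the errno captured right after the call, len the bytes offered. */
enum tfo_step tfo_classify(ssize_t rc, int err, size_t len)
{
    if (rc >= 0)
        return (size_t)rc == len ? TFO_DONE : TFO_SEND_REST;
    if (err == EOPNOTSUPP)  /* client-side Fast Open disabled on this host */
        return TFO_FALLBACK;
    if (err == EINPROGRESS) /* non-blocking, no cookie: SYN sent, data NOT queued */
        return TFO_WAIT;
    return TFO_FAIL;
}

/* data/len: the pending bytes returned by tls_get_write_buffer() after
 * tls_client_connect() has built the ClientHello (per the reply above).
 * Returns 0 when all bytes are queued, 1 when the caller must wait for the
 * socket to become writable and then send the same bytes, -1 on error. */
int tfo_send_client_hello(int fd, const struct sockaddr *sa, socklen_t salen,
                          const unsigned char *data, size_t len)
{
    ssize_t rc = sendto(fd, data, len, MSG_FASTOPEN, sa, salen);
    size_t off = 0;

    switch (tfo_classify(rc, errno, len)) {
    case TFO_DONE:      return 0;
    case TFO_WAIT:      return 1;
    case TFO_FAIL:      return -1;
    case TFO_SEND_REST: off = (size_t)rc; break;
    case TFO_FALLBACK:  /* classic path: connect() first, then send() */
        if (connect(fd, sa, salen) != 0) return -1;
        break;
    }
    while (off < len) { /* push whatever did not go out with the SYN */
        rc = send(fd, data + off, len - off, 0);
        if (rc < 0 && errno == EINTR) continue;
        if (rc < 0) return -1;
        off += (size_t)rc;
    }
    return 0;
}
```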