In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a ''TFO cookie'' (a TCP option), which is a cryptographic cookie stored on the client and set upon the initial connection with the server. When the client later reconnects, it sends the TFO cookie, together with the first bytes of request data, in the initial SYN packet to authenticate itself. If the cookie validates, the server accepts the data carried in the SYN and may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, thus skipping a round-trip delay and lowering the latency in the start of data transmission.
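The option described above, parsed out of a raw SYN segment, as an added example (it is not code from the original article or from any of the implementations listed below). It assumes only the RFC 7413 option layout: kind 34 carrying a 4 to 16 byte cookie, an empty cookie meaning a cookie request, and the experimental kind 254 / ExID 0xF989 form used before the kind was assigned. The sample segments are constructed inline, not captured traffic. Every option length is bounds-checked against the data offset before use, since an unchecked length in this loop is the classic header-parsing bug.

```python
import struct

# TCP option kinds (IANA registry); 34 is the Fast Open option assigned by RFC 7413.
TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_TFO = 34
TCP_OPT_EXP = 254       # experimental option carrying a 16-bit ExID (RFC 6994)
TFO_EXP_ID = 0xF989     # ExID used by pre-standard TFO deployments

TCP_FLAG_SYN = 0x02


def parse_tcp_options(segment: bytes) -> list:
    """Walk the option area of a TCP segment and return [(kind, data), ...].

    Every length field is checked against the option area before it is trusted;
    a malformed option raises instead of reading past the header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("invalid data offset")
    opts = segment[20:data_offset]
    parsed = []
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d without length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad length %d for option kind %d" % (length, kind))
        parsed.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return parsed


def extract_tfo_cookie(segment: bytes):
    """Return the TFO cookie carried in a segment's options.

    b""   -> option present with an empty cookie (a cookie request in a SYN)
    bytes -> the cookie the client is presenting
    None  -> no TFO option at all"""
    for kind, data in parse_tcp_options(segment):
        if kind == TCP_OPT_TFO:
            cookie = data
        elif kind == TCP_OPT_EXP and len(data) >= 2 and struct.unpack("!H", data[:2])[0] == TFO_EXP_ID:
            cookie = data[2:]
        else:
            continue
        # RFC 7413 bounds the cookie to 4..16 bytes; anything else is malformed.
        if cookie and not 4 <= len(cookie) <= 16:
            raise ValueError("TFO cookie length %d out of range" % len(cookie))
        return cookie
    return None


def build_syn(options: bytes, sport: int = 40000, dport: int = 443) -> bytes:
    """Build a minimal TCP SYN header around the given option bytes (checksum left 0).
    Used here only to construct sample segments offline."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # pad to a 32-bit boundary with EOL
    data_offset = (20 + len(options)) // 4
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, data_offset << 4, TCP_FLAG_SYN, 65535, 0, 0)
    return hdr + options


# Constructed sample segments (not captured traffic): MSS, NOP padding, SACK-permitted, then TFO.
SAMPLE_COOKIE = bytes.fromhex("1f2e3d4c5b6a7988")
SYN_WITH_COOKIE = build_syn(b"\x02\x04\x05\xb4" + b"\x01\x01" + b"\x04\x02" + b"\x22\x0a" + SAMPLE_COOKIE)
SYN_COOKIE_REQUEST = build_syn(b"\x02\x04\x05\xb4" + b"\x22\x02")
SYN_EXPERIMENTAL = build_syn(b"\x02\x04\x05\xb4" + b"\xfe\x0c\xf9\x89" + SAMPLE_COOKIE)
SYN_PLAIN = build_syn(b"\x02\x04\x05\xb4")

if __name__ == "__main__":
    for name, seg in [("cookie", SYN_WITH_COOKIE), ("request", SYN_COOKIE_REQUEST),
                      ("experimental", SYN_EXPERIMENTAL), ("plain", SYN_PLAIN)]:
        print(name, extract_tfo_cookie(seg))
```

A server that sees `b""` answers with a normal SYN-ACK carrying a freshly issued cookie; a server that sees a cookie validates it before touching any data in the SYN.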
The cookie is generated by applying a block cipher, keyed with a secret held by the server, to the client's IP address, producing an authentication tag that is difficult for third parties to spoof, even if they can forge a source IP address or make two-way connections to the same server from other IP addresses. Because the cookie is bound only to the client's IP address, a valid cookie shows at most that the sender was once able to receive packets at that address. Although it uses cryptographic techniques to generate the cookie, TFO is not intended to provide more security than the three-way handshake it replaces, and does not give any form of cryptographic protection to the resulting TCP connection, or provide identity assurance about either endpoint. It also is not intended to be resistant to man-in-the-middle attacks. If such resistance is required, it may be used in combination with a cryptographic protocol such as TLS or IPsec.
TFO has been difficult to deploy due to protocol ossification; as of 2020, no web browsers used it by default.
TFO presents privacy challenges: because the client stores the cookie and re-sends it on later connections to the same server, the cookie can be used to track a client persistently across sessions, even by passive observers.
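The cookie derivation described in the paragraph on cookie generation above, and the cross-session linkability just noted, as one added example (this is not the article's code nor any kernel's implementation). Python's standard library has no block cipher, so HMAC-SHA256 truncated to 8 bytes stands in for the server-keyed block cipher the text describes; the property shown is the same, namely that the tag depends on the server secret and the client's source address and nothing else. The cookie length of 8, the one-step key rotation and the scenario addresses (documentation ranges) are choices made for this example.

```python
import hashlib
import hmac
import ipaddress
import secrets

COOKIE_LEN = 8   # bytes; RFC 7413 permits 4..16, 8 is the length chosen for this example


def _cookie_tag(key: bytes, client_ip: str) -> bytes:
    """Keyed function of the client's source address only (no ports, no sequence numbers).
    HMAC-SHA256 truncated to COOKIE_LEN stands in for the block cipher in the text (assumption):
    without the key nobody can compute the tag for an address they do not control."""
    packed = ipaddress.ip_address(client_ip).packed      # 4 bytes for IPv4, 16 for IPv6
    return hmac.new(key, packed, hashlib.sha256).digest()[:COOKIE_LEN]


class TfoServer:
    """Stateless server-side cookie handling with one-step key rotation."""

    def __init__(self, key: bytes = None):
        self._key = key if key is not None else secrets.token_bytes(16)
        self._prev_key = None

    def issue_cookie(self, client_ip: str) -> bytes:
        return _cookie_tag(self._key, client_ip)

    def cookie_is_valid(self, client_ip: str, cookie: bytes) -> bool:
        if len(cookie) != COOKIE_LEN:
            return False
        for key in (self._key, self._prev_key):
            # constant-time compare: the cookie is an authentication tag
            if key is not None and hmac.compare_digest(_cookie_tag(key, client_ip), cookie):
                return True
        return False

    def rotate_key(self) -> None:
        """Cookies issued under the previous key stay valid until the next rotation."""
        self._prev_key, self._key = self._key, secrets.token_bytes(16)

    def handle_syn(self, client_ip: str, cookie, syn_data: bytes):
        """Return (data_accepted, cookie_for_synack).

        cookie is None (no TFO option), b"" (cookie request) or the presented cookie."""
        if cookie is None:
            return False, None                              # ordinary three-way handshake
        if cookie != b"" and self.cookie_is_valid(client_ip, cookie):
            return True, None                               # SYN data delivered before the final ACK
        # cookie request, or an invalid/stale cookie: fall back to a normal handshake, drop the
        # SYN payload, and hand out a fresh cookie in the SYN-ACK for the next connection
        return False, self.issue_cookie(client_ip)


class TfoClientCache:
    """Client-side cookie cache keyed by server address.

    The cookie is re-sent on every later SYN to that server, whichever network the
    client is on, which is exactly what makes it a cross-session identifier."""

    def __init__(self):
        self._cookies = {}

    def cookie_for(self, server_ip: str):
        return self._cookies.get(server_ip, b"")           # b"" = ask for a cookie

    def store(self, server_ip: str, cookie: bytes) -> None:
        if cookie:
            self._cookies[server_ip] = cookie


def demo():
    """Constructed scenario: one client connects twice from one address, then moves network."""
    server, client = TfoServer(), TfoClientCache()
    seen_on_wire = []                                       # what a passive observer logs

    def connect(client_ip, server_ip="192.0.2.10", data=b"GET / HTTP/1.1\r\n"):
        cookie = client.cookie_for(server_ip)
        seen_on_wire.append((client_ip, cookie))
        accepted, fresh = server.handle_syn(client_ip, cookie, data)
        if fresh:
            client.store(server_ip, fresh)
        return accepted

    first = connect("203.0.113.7")       # cookie request: no TFO on this connection
    second = connect("203.0.113.7")      # cookie valid: data in the SYN is accepted
    moved = connect("198.51.100.9")      # same client, new address: cookie rejected, but still sent
    return first, second, moved, seen_on_wire


if __name__ == "__main__":
    print(demo())
```

The third connection is the privacy point: the server rejects the stale cookie and falls back to a normal handshake, but the observer has already seen the same 8-byte value from two different source addresses and can link them.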
History
The TFO proposal was originally presented in 2011 and was published as the experimental RFC 7413 in December 2014.
TCP Fast Open shares the goal of bypassing the three-way handshake of TCP with an earlier proposal from 1994, called T/TCP (RFC 1644). In contrast to TCP Fast Open, T/TCP paid no attention to security, opening a path for vulnerabilities and failing to gain traction.
Characteristics
TFO implementations include the following:
* IPv4 support for TFO was merged into the Linux kernel mainline in kernel versions 3.6 (support for clients) and 3.7 (Dec 2012) (support for servers), and was turned on by default for clients in kernel version 3.13 (Jan 2014); the net.ipv4.tcp_fastopen sysctl selects client-side, server-side or both. TFO support for IPv6 servers was merged in kernel version 3.16.
* FreeBSD from version 10.3 (support for servers) and 12.0 (support for clients).
* Mozilla Firefox from version 58. The support was disabled by default due to network device compatibility issues with TFO and TLS 1.3, and was eventually removed in version 87.
* Google Chrome and Chromium browsers have support for TFO on Linux, including ChromeOS and Android.
* Exim mail transfer agent (MTA) from version 4.88.
* Unbound DNS resolver from version 1.5.10.
* BIND Domain Name System (DNS) server from version 9.11.0.
* Knot DNS from version 2.6.0.
* Apple's iOS 9 and OS X 10.11 both support TCP Fast Open, but it is not enabled for individual connections by default.
* Microsoft Edge supports TCP Fast Open since Windows 10 Preview build 14352.
* PowerDNS Recursor supports TCP Fast Open from version 4.1.
* dnsmasq supports TCP Fast Open (RFC 7413) from version 2.81.
See also
* SPDY
* SYN cookies
* TCP Cookie Transactions
* 0-RTT
* QUIC
External links
* RFC 7413 specification