cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH v2] TLS False Start support for NSS

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Sat, 7 Mar 2015 14:38:51 +0100

Hello,

I updated the TLS False Start patches I sent a while back to include the various
checks as previously discussed. My implementation now matches the behaviour of
firefox (in fact it's in part the same code).

I've also looked at other TLS implementations, but besides SecureTransport (the
OS X thing) I could not find any that support this. There is a patch for OpenSSL
floating around though [0] which, AFAICT, is available in the Android OpenSSL
build and in BoringSSL, but I'm not sure if it makes sense to implement support
for it in curl just yet (I'm gonna try to see if the OpenSSL developers want to
merge it).

So anyway, see [1] for a way to test this. Note though that the test doesn't
always work (e.g. with https://google.com) because, I suspect, the server
completes the handshake before curl actually starts sending any data to it (I
may be wrong though). The connection still works fine, so no problems there.

Cheers

[0] https://android.googlesource.com/platform/external/openssl/+/master/patches/0002-handshake_cutthrough.patch
[1] http://curl.haxx.se/mail/lib-2015-02/0100.html

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2015-03-07