cURL / Mailing Lists / curl-library / Single Mail


[PATCH v2] TLS False Start support for NSS

From: Alessandro Ghedini <>
Date: Sat, 7 Mar 2015 14:38:51 +0100


I updated the TLS False Start patches I sent a while back to include the various
checks as previously discussed. My implementation now matches the behaviour of
firefox (in fact it's in part the same code).

I've also looked at other TLS implementations, but besides SecureTransport (the
OS X thing) I could not find any that support this. There is a patch for OpenSSL
floating around though [0] which, AFAICT, is available in the Android OpenSSL
build and in BoringSSL, but I'm not sure if it makes sense to implement support
for it in curl just yet (I'm gonna try to see if the OpenSSL developers want to
merge it).

So anyway, see [1] for a way to test this. Note though that the test doesn't
always work (e.g. with because, I suspect, the server
completes the handshake before curl actually starts sending any data to it (I
may be wrong though). The connection still works fine, so no problems there.



List admin:

Received on 2015-03-07