TLS False Start?
602 views
Skip to first unread message
sna...@gmail.com
Jan 28, 2016, 2:05:25 AM1/28/16
to golang-nuts
GoLang 1.6 has HTTPv2 and that requires TLS.
False Start makes TLS handshakes more efficient, but I see no information about if GoLang supports it.
In the interest of increasing HTTPv2 adoption, has this efficiency been investigated?
Nigel Tao
Jan 28, 2016, 8:54:41 PM1/28/16
to sna...@gmail.com, Adam Langley, Brad Fitzpatrick, golang-nuts
Brad Fitzpatrick
Jan 28, 2016, 10:07:25 PM1/28/16
to Nigel Tao, sna...@gmail.com, Adam Langley, golang-nuts
Adam wrote about this:
But it's been some time and NPN/ALPN are much more prevalent nowadays, I'd suspect.
Adam?
Andy Jackson
Jan 28, 2016, 10:24:49 PM1/28/16
to Brad Fitzpatrick, Adam Langley, Nigel Tao, golang-nuts
So enabling it for servers is always acceptable, but for clients it should be a enabled during NPN and remembered like Chrome & Firefox do.
It's also safe in a micro-services environment where respondents are Go servers.
Thanks for considering it,
Andrew Jackson.
Adam Langley
Jan 29, 2016, 5:16:26 PM1/29/16
to Andy Jackson, Brad Fitzpatrick, Nigel Tao, golang-nuts
On Thu, Jan 28, 2016 at 7:24 PM, Andy Jackson <sna...@gmail.com> wrote:
>
> So enabling it for servers is always acceptable, but for clients it should be a enabled during NPN and remembered like Chrome & Firefox do.
>
> It's also safe in a micro-services environment where respondents are Go servers.
>
> Thanks for considering it,
I'm not sure whether any servers have actually tried using False
>
> So enabling it for servers is always acceptable, but for clients it should be a enabled during NPN and remembered like Chrome & Firefox do.
>
> It's also safe in a micro-services environment where respondents are Go servers.
>
> Thanks for considering it,
Start. I've only ever written it for clients.
It could be done in Go, although it would make the code a little more
complex so it certainly has its costs too. Keep in mind that the
latency of False Start is the same as a TLS resumption so making sure
that your servers and clients get resumption right should be the first
priority in this area. False Start mostly helps clients that talk to
lots of different servers, many of which aren't well configured (i.e.
browsers).
Cheers
AGL
ch...@catlover.com
Feb 1, 2016, 6:32:24 PM2/1/16
to golang-nuts, sna...@gmail.com
false start is overkill. i'd rather absorb the latency costs of one round trip during the handshake - it is not worth the risks. same goes for tls renegotiation, I'd rather tear down the connection and reestablish it.
Igor Gatis
Nov 7, 2016, 4:56:06 PM11/7/16
to golang-nuts
Say you have thousands of devices which you have control over. They all use GPRS (2G), with ~700ms of latency. TLS handshake may cost ~4s sometimes when mobile coverage is good and astonishing 20s when it is not or packet loss is high by any reason.
False Start could make a huge difference.
How do I enable False Start on my Go reverse proxy (Window Server 2012) and go client running on linux 2.6 on an ARM? (Bonus: C++ client with libcurl and linux like OS)?
Igor Gatis
Dec 27, 2016, 9:20:48 PM12/27/16
to golang-nuts
Ping. I could not find any info on how to turn on TLS False Start support. Help.
Reply all
Reply to author
Forward
0 new messages