Size limit in TLS session establishment #28
Mike Ounswirth mentioned there is a size limit in the Server Hello in TLS due to TCP congestion window.
Replies: 1 comment 1 reply
Great question.
I don't claim to be an expert here, but I will give it a try based on discussions that I've overheard.
TLS "works" with larger keys and packet fragmentation. If you're testing on a local, unsaturated network you might not even notice the difference. But people like Cloudflare seem to care, and care a lot, about violating the TCP congestion window; for example, see the Cloudflare blog post "Sizing Up Post-Quantum Signatures": the discussion on the TCP congestion window starts about halfway down the page. Their conclusion seems to be that congestion window violation alone can more than triple TLS handshake times, from 100 ms to 300 ms.
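To make the congestion-window effect concrete, here is an added example (not code from the discussion participants or from Cloudflare) that models what happens to the server's first handshake flight under TCP slow start. The MSS of 1460 bytes, the RFC 6928 initial congestion window of 10 segments, the 16 KiB TLS record limit and the sample flight sizes are all assumptions chosen for illustration; the function names are made up for this example.

```python
"""Estimate the round trips a TLS server's first flight needs under TCP slow start.

Model (simplified, assumed for this example):
  * the server may send `cwnd` segments per round trip, starting at the
    initial congestion window (initcwnd), and cwnd doubles after each fully
    acknowledged window (classic slow start, no loss, no pacing);
  * a TLS 1.3 handshake costs one RTT when the whole server flight fits in
    the initial window, and one extra RTT for every additional window.
"""

MSS = 1460              # assumed TCP payload per segment on a typical Ethernet path
INIT_CWND = 10          # RFC 6928 initial congestion window, in segments
TLS_RECORD_MAX = 16384  # maximum TLS record plaintext fragment size


def ceil_div(a: int, b: int) -> int:
    """Integer ceiling division."""
    return -(-a // b)


def tls_records(flight_bytes: int, record_max: int = TLS_RECORD_MAX) -> int:
    """Number of TLS records a handshake flight is fragmented into."""
    return ceil_div(flight_bytes, record_max)


def round_trips_to_deliver(flight_bytes: int, mss: int = MSS, init_cwnd: int = INIT_CWND) -> int:
    """Simulate slow start and return how many round trips are needed before the
    sender has put the whole flight on the wire."""
    segments = ceil_div(flight_bytes, mss)
    cwnd = init_cwnd
    sent = 0
    rtts = 0
    while sent < segments:
        sent += cwnd     # one window of segments goes out
        cwnd *= 2        # each ACKed segment grows cwnd by one segment
        rtts += 1
    return rtts


def handshake_time_ms(flight_bytes: int, rtt_ms: float, mss: int = MSS, init_cwnd: int = INIT_CWND) -> float:
    """Estimated TLS 1.3 handshake completion time: one RTT plus one extra RTT per
    additional congestion window the server's flight needs."""
    extra_windows = round_trips_to_deliver(flight_bytes, mss, init_cwnd) - 1
    return rtt_ms * (1 + extra_windows)


def initcwnd_budget_bytes(mss: int = MSS, init_cwnd: int = INIT_CWND) -> int:
    """Largest server flight that still fits in the initial congestion window."""
    return mss * init_cwnd


if __name__ == "__main__":
    # Constructed sample flight sizes (ServerHello + EncryptedExtensions +
    # Certificate chain + CertificateVerify + Finished), not measured values.
    samples = {
        "small classical chain": 4_000,
        "chain with larger PQ signatures": 40_000,
        "chain with even larger PQ artifacts": 60_000,
    }
    print(f"initcwnd budget: {initcwnd_budget_bytes()} bytes")
    for name, size in samples.items():
        print(f"{name:40s} {size:6d} B  records={tls_records(size)}  "
              f"rtts={round_trips_to_deliver(size)}  "
              f"handshake@100ms={handshake_time_ms(size, 100):.0f} ms")
```

The useful check for a practitioner is `initcwnd_budget_bytes()`: with the assumed parameters it is 14,600 bytes, so any server flight above that figure forces at least one additional round trip before the client can send its Finished message, regardless of whether TLS itself is "working".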