Tim Rühsen
2018-07-16 14:37:03 UTC
FYI
GnuTLS 3.6.3 has been released today with TLS1.3 support (latest draft).
So if you rebuild/link wget or wget2 with the new GnuTLS version, you
can enable TLS1.3 via --ciphers="NORMAL:+VERS-TLS1.3" (wget) resp.
--gnutls-options="NORMAL:+VERS-TLS1.3" (wget2).
Wget2 seems to get a 0RTT with --tls-resume on www.google.com.
I have a ping of 11.5ms and regarding the debug output of wget2, it
takes 13ms to load all 133 certificates from the local store (to load
all certs is a flaw in GnuTLS that I brought up there some years ago, but
no solution yet).
$ time src/wget2_noinstall -d --gnutls-options="NORMAL:+VERS-TLS1.3" --tls-resume https://www.google.com
...
real 0m0,027s
That is 14ms left for creating the connection, sending the request and
getting the response on an 11.5ms RTT. The 2.5ms are overhead due to
initializing wget2, printing all the debug messages and saving the file.
Oh, I forgot to say, TCP Fast Open is enabled by default and it is for a
'warm' connection.
Happy testing.
Regards, Tim