Unbound 1.9.0 released - 0-RTT
nusenu-lists at riseup.net
Mon Mar 25 22:12:00 UTC 2019
nusenu via Unbound-users:
> Wouter Wijngaards via Unbound-users:
>> There is also TLS session resumption support, that can be enabled with
>> the tls-session-ticket-keys option. Together with the already existing
>> TCP fast open, enabled with --enable-tfo-server --enable-tfo-client,
>> that enables zero RTT stream reconnections to the server.
> Since session ticket based TLS resumption is obsoleted
> in TLS 1.3  and 0-RTT (on the TLS layer) has been introduced in TLS 1.3.
> Does unbound support TLS 1.3 0-RTT aka "early data"? 
> (downstream and upstream?)
>  https://tools.ietf.org/html/rfc8446#section-2.2
>  https://tools.ietf.org/html/rfc8446#section-2.3
this appears to fit well here:
(an early I-D)
> Using Early Data in DNS over TLS
> This document illustrates the risks of using TLS 1.3 early data with
> DNS over TLS, and specifies behaviors that can be adopted by clients
> and servers to reduce those risks.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the Unbound-users