TCP Fast Open, TLS False Start, and TLS 1.3 can improve both performance and security in Microsoft Edge.
The first improvement comes from the TLS False Start option, which allows the client to start sending encrypted data immediately after the first TLS round trip. With that, we are down to 1-RTT for TLS, or 2-RTT if we count the TCP connection. We have already enabled TLS False Start in Microsoft Edge, with a set of strong cipher suites.
The next improvement comes from the TCP Fast Open procedure, defined in RFC 7413. The RFC defines a new TCP option containing a “Fast Open Cookie.” When a “Fast Open capable” client connects to a server for the first time, it inserts an empty cookie in the initial TCP SYN message, prompting the server to send back a valid cookie in the response. For subsequent connections, the client copies the cookie into the TCP SYN message and then sends data immediately. If the server recognizes the cookie as valid, it accepts the data and passes it to the application. When TCP Fast Open is enabled, data can be sent before the connection completes, and the responses arrive immediately. When we combine TCP Fast Open and TLS False Start, the key negotiation is performed simultaneously with the initial TCP handshake. There is just 1-RTT before the HTTP traffic starts.
For more information, see: Building a faster and more secure web with TCP Fast Open, TLS False Start, and TLS 1.3 | Microsoft Edge Dev Blog
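As an added illustration (not code from the Edge Dev Blog post or from this tutorial), the following Python walks the option area of a raw TCP SYN and reports whether it carries the RFC 7413 Fast Open option as an empty cookie request (first connection) or as a cookie (later connections); it also recognizes the experimental kind-254 form the RFC describes in its appendix. The SYN segments are constructed inline, so nothing touches the network.

```python
import struct

TFO_KIND = 34       # "TCP Fast Open Cookie" option kind (RFC 7413)
EXP_KIND = 254      # experimental option kind; TFO used it before kind 34 was assigned
TFO_EXID = 0xF989   # experiment identifier for TFO inside kind 254 (RFC 7413, Appendix A)

def parse_tcp_options(segment: bytes):
    """Return (kind, payload) tuples from the option area of a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (segment[12] >> 4) * 4        # header length in bytes
    opts, out, i = segment[20:data_offset], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                            # End-of-option-list
            break
        if kind == 1:                            # NOP padding, no length byte
            i += 1
            continue
        length = opts[i + 1] if i + 1 < len(opts) else 0
        if length < 2 or i + length > len(opts):
            raise ValueError("malformed TCP option")
        out.append((kind, bytes(opts[i + 2:i + length])))
        i += length
    return out

def classify_fast_open(segment: bytes) -> str:
    """'request' = empty cookie (first connection), 'cookie' = cookie of valid size,
    'invalid' = wrong cookie size, 'none' = no Fast Open option present."""
    for kind, payload in parse_tcp_options(segment):
        if kind == EXP_KIND and payload[:2] == struct.pack("!H", TFO_EXID):
            payload = payload[2:]                # strip the ExID, the rest is the cookie
        elif kind != TFO_KIND:
            continue
        if not payload:
            return "request"
        return "cookie" if 4 <= len(payload) <= 16 else "invalid"
    return "none"

def build_syn(options: bytes) -> bytes:
    """Constructed sample SYN (port 40000 -> 443) with options NOP-padded to 32 bits."""
    options += b"\x01" * (-len(options) % 4)
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, data_offset << 4, 0x02, 65535, 0, 0) + options

# Constructed samples: a first-connection cookie request, a SYN carrying an 8-byte cookie, a plain SYN
SYN_COOKIE_REQUEST = build_syn(bytes([TFO_KIND, 2]))
SYN_WITH_COOKIE = build_syn(bytes([TFO_KIND, 10]) + bytes(range(8)))
SYN_PLAIN = build_syn(b"")
```

A capture tool can apply `classify_fast_open` to the TCP header of each SYN to see which clients are requesting or presenting Fast Open cookies against a given server.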
This tutorial will show you how to enable or disable TCP Fast Open for a faster and more secure web in Microsoft Edge for your account in Windows 10.