Ping-pong while the TLS asynchronously processes ClientHello #4217
Comments
|
@kazuho do I understand this correctly, this is primarily an efficiency issue, as retransmissions of the initial will be going back and forth during the time until the server can send its ServerHello to the client? So if the server wouldn't ACK the initial then the PTO timer will fire after 0.5 seconds in the client. But in case if the server ACKs then the PTO will be updated based on the actual RTT between client and server and thus occur much more frequently in most cases. So what would be the fix, to change the recommendation on ACKing until the server hello is available on the initial? |
|
I believe this issue was discussed in the past(#3546), and the solution we reached consensus on was to not reset pto_count on the client until it knows the server has completed address validation. ie:
|
From Transport draft; section 8.1: To prevent this deadlock, clients MUST send a packet on a probe timeout (PTO, see Section 6.2 of [QUIC-RECOVERY]).
From TLS draft; section 4.1.4: While waiting for TLS processing to complete, ... (snip). An endpoint SHOULD continue to respond to packets that can be processed during this time.
These two statements together lead to a ping-pong of packets when the server-side TLS stack takes time in generating ServerHello. That's because every time the client sends an Initial probe, the server will be acknowledging that packet immediately.
Note that there are cases where the server might actually spend time in generating ServerHello:
Note: This issue has been spun off from #4183 (comment), as it is not related to PMTU.
The text was updated successfully, but these errors were encountered: