[Pkg-openssl-devel] Bug#935133: Bug#935133: Bug#935133: slow TLS handshake renders browsers and email client unusable
Timo van Roermund
timo at van-roermund.nl
Sun Nov 1 11:27:06 GMT 2020
On Thu, 29 Aug 2019 12:28:16 -0700 nbi <nbi.vegas at gmail.com> wrote:
> While I may be the first to report this to Debian bugs, casual googling
> turns up other reports of this to the Internet at large.
>
> The good news is that the MTU workaround seems to be working as there
> have not been any TLS handshake issues since the workaround was applied.
> While I'm completely baffled as to why this should be the case (MTU size
> should be totally transparent at the TLS level) I'll take the victory. I
> guess this ticket can be closed and revisited if need be.

My theory: the delay might be explained by a combination of packet
re-transmission (of IP packets carrying the TLS handshake payload) and
'Path MTU Discovery'.

You could check the value of /proc/sys/net/ipv4/tcp_mtu_probing.
Possible values:

0: disabled
1: enabled when black hole detected
2: always enabled

If this is set to 1, the kernel might detect a 'black hole' when using
the original MTU and adjust (lower) the MTU value automatically.
Subsequent re-transmission of IP packets carrying the TLS handshake
payload may then be sent using a smaller MTU and (finally) proceed.
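
An added example, not part of the original message or of any Debian or OpenSSL code: a diagnostic sketch that reads the sysctl named above and scans a list of outbound TCP segments for the pattern the theory describes (full-size retransmissions followed by the same data in a smaller segment). The segment list, its sizes and timings, and the function names are constructed for illustration.

```python
from collections import defaultdict

# Meanings as listed in the message above.
MTU_PROBING = {0: "disabled", 1: "enabled when black hole detected", 2: "always enabled"}

def read_mtu_probing(path="/proc/sys/net/ipv4/tcp_mtu_probing"):
    """Return (value, meaning) for the sysctl file at `path`."""
    with open(path) as fh:
        value = int(fh.read().strip())
    return value, MTU_PROBING.get(value, "unknown")

# Constructed sample, not taken from the bug report: outbound segments of one
# TCP connection as (seconds, relative sequence number, payload bytes).
SAMPLE_SEGMENTS = [
    (0.00, 1, 1448),     # first flight of handshake data at full size
    (0.21, 1, 1448),     # retransmissions with backoff, never acknowledged
    (0.63, 1, 1448),
    (1.47, 1, 1448),
    (3.15, 1, 1012),     # same data resent in a smaller segment
    (3.19, 1013, 1012),  # transfer proceeds at the reduced size
]

def find_blackhole_stalls(segments, min_retransmits=2):
    """Report sequence numbers resent at full size at least `min_retransmits`
    times and then resent in a smaller segment, with the time lost."""
    by_seq = defaultdict(list)
    for ts, seq, length in sorted(segments):
        by_seq[seq].append((ts, length))
    stalls = []
    for seq, sends in sorted(by_seq.items()):
        first_ts, full_len = sends[0]
        retransmits = 0
        for ts, length in sends[1:]:
            if length == full_len:
                retransmits += 1
                continue
            if length < full_len and retransmits >= min_retransmits:
                stalls.append({"seq": seq, "full": full_len, "reduced": length,
                               "retransmits": retransmits,
                               "stall_s": round(ts - first_ts, 2)})
            break
    return stalls

if __name__ == "__main__":
    for stall in find_blackhole_stalls(SAMPLE_SEGMENTS):
        print(stall)
```

Real input would be the sender-side segments of one connection extracted from a packet capture; `stall_s` then approximates how much of the handshake delay the retransmissions account for.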