diff options
| author | Todd Short <tshort@akamai.com> | 2021-09-08 16:23:04 -0400 |
|---|---|---|
| committer | Todd Short <todd.short@me.com> | 2022-03-10 10:42:43 -0500 |
| commit | a3e53d56831adb60d6875297b3339a4251f735d2 (patch) | |
| tree | c931c5b2cc9a63f80e4f3ae3a366b70064b897ae /doc/man7 | |
| parent | 97896f744d9ee4f2e821e3383caac8e8c5f226cf (diff) | |
Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
Diffstat (limited to 'doc/man7')
| -rw-r--r-- | doc/man7/bio.pod | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/doc/man7/bio.pod b/doc/man7/bio.pod index 9b86e9493d..0155bf6a40 100644 --- a/doc/man7/bio.pod +++ b/doc/man7/bio.pod @@ -36,7 +36,6 @@ BIO and one or more filter BIOs. Data read from or written to the first BIO then traverses the chain to the end (normally a source/sink BIO). - Some BIOs (such as memory BIOs) can be used immediately after calling BIO_new(). Others (such as file BIOs) need some additional initialization, and frequently a utility function exists to create and initialize such BIOs. @@ -52,6 +51,29 @@ pointer to a BIO_METHOD. There is a naming convention for such functions: a source/sink BIO typically starts with I<BIO_s_> and a filter BIO with I<BIO_f_>. +=head2 TCP Fast Open + +TCP Fast Open (RFC7413), abbreviated "TFO", is supported by the BIO +interface since OpenSSL 3.1. TFO is supported in the following operating systems: + +=over 4 + +=item * Linux kernel 3.13 and later, where TFO is enabled by default. + +=item * Linux kernel 4.11 and later, using TCP_FASTOPEN_CONNECT. + +=item * FreeBSD 10.3 to 11.4, supports server TFO only. + +=item * FreeBSD 12.0 and later, supports both client and server TFO. + +=item * macOS 10.14 and later. + +=back + +Each operating system has a slightly different API for TFO. Please +refer to the operating systems' API documentation when using +sockets directly. + =head1 EXAMPLES Create a memory BIO: @@ -65,7 +87,9 @@ L<BIO_f_base64(3)>, L<BIO_f_buffer(3)>, L<BIO_f_cipher(3)>, L<BIO_f_md(3)>, L<BIO_f_null(3)>, L<BIO_f_ssl(3)>, L<BIO_f_readbuffer(3)>, -L<BIO_find_type(3)>, L<BIO_new(3)>, +L<BIO_find_type(3)>, +L<BIO_get_conn_mode(3)>, +L<BIO_new(3)>, L<BIO_new_bio_pair(3)>, L<BIO_push(3)>, L<BIO_read_ex(3)>, L<BIO_s_accept(3)>, L<BIO_s_bio(3)>, @@ -73,6 +97,9 @@ L<BIO_s_connect(3)>, L<BIO_s_fd(3)>, L<BIO_s_file(3)>, L<BIO_s_mem(3)>, L<BIO_s_null(3)>, L<BIO_s_socket(3)>, L<BIO_set_callback(3)>, +L<BIO_set_conn_mode(3)>, +L<BIO_set_tfo(3)>, +L<BIO_set_tfo_accept(3)>, L<BIO_should_retry(3)> =head1 COPYRIGHT @@ -85,4 +112,3 @@ in the file LICENSE in the source distribution or at L<https://www.openssl.org/source/license.html>. =cut - |