bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] TLS1.3 via GnuTLS


From: Tim Rühsen
Subject: [Bug-wget] TLS1.3 via GnuTLS
Date: Mon, 16 Jul 2018 16:37:03 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

FYI

GnuTLS 3.6.3 has been released today with TLS1.3 support (latest draft).

So if you rebuild/link wget or wget2 with the new GnuTLS version, you
can enable TLS1.3 via --ciphers="NORMAL:+VERS-TLS1.3"  (wget) resp.
--gnutls-options="NORMAL:+VERS-TLS1.3" (wget2).

Wget2 seems to get a 0RTT with --tls-resume on www.google.com.
I have a ping of 11.5ms and regarding the debug output of wget2, it
takes 13ms to load all 133 certificates from the local store (to load
all certs is flaw in GnuTLS that I brought up there some years ago, but
no solution yet).

$time src/wget2_noinstall -d --gnutls-options="NORMAL:+VERS-TLS1.3"
--tls-resume https://www.google.com
...

real    0m0,027s

That is 14ms left for creating the connection, sending the request and
getting the response on a 11.5ms RTT. The 2.5ms are overhead due to
initializing wget2, printing all the debug messages and saving the file.

Oh, I forgot to say, TCP Fast Open is enabled by default and it is for a
'warm' connection.

Happy testing.

Regards, Tim

Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]