
TCP Fast Open -- Disabled in Microsoft Edge

In today’s Ask the Admin, I will explain how TCP Fast Open (TFO) helps to speed up browsing in Microsoft Edge and why it has been turned off by default in the latest cumulative update for Windows 10 Creators Update.




Support for TFO has been in Windows 10 since last year’s Anniversary Update, but it was only enabled in Edge with the release of the Creators Update in April. TFO is a new protocol option that allows Transport Layer Security (TLS) data to be sent during the initial TCP handshake. It speeds up successive connections to the same server.

TFO stores a cookie on the client once the initial handshake has completed. When the client later makes another connection to the same server, it sends the cookie to the server, which allows further handshakes to be performed more efficiently. With a bit of help from TCP False Start, TFO brings connection setup down to 1 round trip (1-RTT), as opposed to 3-RTT for standard TLS 1.2 connections. A low RTT is not only important for reducing latency; it also means power savings for mobile devices.
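The cookie exchange described above, modelled as an added example (not code from this article or from Microsoft). The class names, the sample addresses and the cookie construction (a truncated HMAC-SHA256 over the client IP) are assumptions made for illustration; the point is that a cookie is only honoured for the address it was issued to, and anything else falls back to a regular handshake.

```python
import hashlib
import hmac
import os


class TfoServer:
    def __init__(self):
        self.key = os.urandom(16)  # server-side secret, never sent to clients

    def _cookie(self, client_ip):
        # Assumption: truncated HMAC-SHA256 bound to the client's source IP.
        mac = hmac.new(self.key, client_ip.encode(), hashlib.sha256)
        return mac.digest()[:8]

    def on_syn(self, client_ip, cookie, data):
        """Return (cookie_to_cache, syn_data_accepted)."""
        expected = self._cookie(client_ip)
        if cookie is not None and hmac.compare_digest(cookie, expected):
            return None, bool(data)  # valid cookie: data in the SYN is delivered
        # No cookie, or one issued to a different address: ignore the SYN data,
        # complete a regular handshake and issue a cookie for next time.
        return expected, False


class TfoClient:
    def __init__(self, ip):
        self.ip = ip
        self.cookies = {}  # per-server cookie cache

    def connect(self, server_name, server, data):
        granted, accepted = server.on_syn(self.ip, self.cookies.get(server_name), data)
        if granted is not None:
            self.cookies[server_name] = granted
        return "fast-open" if accepted else "regular-handshake"


def demo():
    server = TfoServer()
    client = TfoClient("198.51.100.7")  # constructed sample address
    first = client.connect("example.test", server, b"ClientHello")
    second = client.connect("example.test", server, b"ClientHello")
    other = TfoClient("203.0.113.9")  # different source address
    other.cookies["example.test"] = client.cookies["example.test"]  # replayed cookie
    replay = other.connect("example.test", server, b"ClientHello")
    return first, second, replay


if __name__ == "__main__":
    print(demo())
```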

Enable TCP Fast Open in the about:flags settings in Microsoft Edge (Image Credit: Russell Smith)

The initial release of the Creators Update enabled TFO in Edge for the first time, but Microsoft disabled TFO in Edge in a recent cumulative update. Microsoft said that it caused issues for some customers but that users could manually re-enable TFO through an about:flags setting in Edge. The problem Microsoft faces is that some older firewalls and routers drop SYN packets with large headers, which led to the decision to disable the feature.

TLS 1.3 and 0-RTT

It might seem like a setback for Microsoft but the next revision of TLS aims for 0-RTT. TLS 1.3 was enabled in Google Chrome in February 2017 but it was later pulled due to some issues with endpoint security software. TLS 1.3 has not been fully ratified. Microsoft has stated that it is committed to delivering TLS 1.3. This will happen when some of the final security issues have been ironed out.

In the meantime, while I generally do not recommend straying from default settings, I have not experienced any issues in Edge with TFO enabled. Your experience might differ. TFO certainly does seem to make TLS-enabled sites snappier.

In this article, I explained how TFO can be enabled in Microsoft Edge to speed up browsing sites that use TLS. I also looked at TLS 1.3, which aims to reduce RTT to 0.



IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.