
TCP Fast Open -- Disabled in Microsoft Edge

In today’s Ask the Admin, I will explain how TCP Fast Open (TFO) helps to speed up browsing in Microsoft Edge and why it has been turned off by default in the latest cumulative update for Windows 10 Creators Update.




Support for TFO has been in Windows 10 since last year’s Anniversary Update but was only enabled in Edge on the release of the Creators Update in April. TFO is a new protocol option that allows data to be sent using Transport Layer Security (TLS) in the initial TCP handshake. It speeds up successive connections to the same server.

TFO stores a cookie on the client once the initial handshake has completed. If a subsequent connection is made from the client, the cookie is sent to the server, which allows further handshakes to be performed more efficiently. With a bit of help from TCP False Start, TFO results in 1-RTT (one round trip), as opposed to 3-RTT for standard TLS 1.2 connections. Not only is a low RTT important for reducing latency, it also means power savings for mobile devices.

Enable TCP Fast Open in the about:flags settings in Microsoft Edge (Image Credit: Russell Smith)

The initial release of the Creators Update enabled TFO in Edge for the first time, but Microsoft disabled TFO in Edge in a recent cumulative update. Microsoft said that it caused issues for some customers but that users could manually re-enable TFO in an about:flags setting in Edge. The problem Microsoft faces is that some older firewalls and routers drop SYN packets with large headers, which led to the decision to disable the feature.
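To see what a firewall or packet capture actually observes in the cookie exchange and the larger SYN described above, the following added example (not code from this article or from Microsoft) parses the TCP options of a SYN and classifies its TFO state. It assumes the RFC 7413 encoding (option kind 34, cookie of 4 to 16 bytes); the function names and the three sample segments are constructed for illustration.

```python
import struct
TFO_KIND = 34  # TCP Fast Open option kind, RFC 7413

def parse_syn(segment: bytes) -> dict:
    """Classify a raw TCP segment (header + payload) with respect to TFO."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    offset_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (offset_flags >> 12) * 4
    if not 20 <= header_len <= len(segment):
        raise ValueError("bad data offset")
    info = {"syn": bool(offset_flags & 0x002), "header_len": header_len,
            "payload_len": len(segment) - header_len, "tfo": "absent"}
    opts, i = segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # NOP, a single padding byte
            i += 1
            continue
        if i + 1 >= len(opts) or not 2 <= opts[i + 1] <= len(opts) - i:
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == TFO_KIND:
            cookie = opts[i + 2:i + length]
            if not cookie:                 # first contact: client asks for a cookie
                info["tfo"] = "cookie-request"
            elif 4 <= len(cookie) <= 16 and len(cookie) % 2 == 0:
                info["tfo"] = "cookie"     # repeat contact: cookie presented
            else:
                info["tfo"] = "invalid"
        i += length
    return info

def build_syn(options: bytes, payload: bytes = b"") -> bytes:
    """Construct a sample SYN (checksum left at 0; for parsing only)."""
    options += b"\x01" * (-len(options) % 4)   # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0,
                         (offset << 12) | 0x002, 65535, 0, 0)
    return header + options + payload

MSS = b"\x02\x04\x05\xb4"                      # MSS 1460
PLAIN = build_syn(MSS)                         # constructed samples, not captures
FIRST = build_syn(MSS + bytes([TFO_KIND, 2]))  # empty cookie = cookie request
REPEAT = build_syn(MSS + bytes([TFO_KIND, 10]) + bytes(8), b"\x16" + bytes(99))
for name, seg in (("plain", PLAIN), ("first", FIRST), ("repeat", REPEAT)):
    print(name, parse_syn(seg))
```

In the constructed samples the repeat-connection SYN has a 36-byte header and carries 100 bytes of data, compared with a 24-byte header and no data for the plain SYN, which is the difference an older middlebox has to tolerate.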

TLS 1.3 and 0-RTT

It might seem like a setback for Microsoft but the next revision of TLS aims for 0-RTT. TLS 1.3 was enabled in Google Chrome in February 2017 but it was later pulled due to some issues with endpoint security software. TLS 1.3 has not been fully ratified. Microsoft has stated that it is committed to delivering TLS 1.3. This will happen when some of the final security issues have been ironed out.

In the meantime, while I generally do not recommend straying from default settings, I have not experienced any issues in Edge with TFO enabled. Your experience might differ. TFO certainly does seem to make TLS-enabled sites snappier.

In this article, I explained how TFO can be enabled in Microsoft Edge to speed up browsing sites that use TLS. I also looked at TLS 1.3, which aims to reduce RTT to 0.



IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
