TCP Fast Open — Disabled in Microsoft Edge
In today’s Ask the Admin, I will explain how TCP Fast Open (TFO) helps to speed up browsing in Microsoft Edge and why it has been turned off by default in the latest cumulative update for Windows 10 Creators Update.
Support for TFO has been in Windows 10 since last year’s Anniversary Update but was only enabled in Edge on the release of the Creators Update in April. TFO is a new protocol option that allows data to be sent using Transport Layer Security (TLS) in the initial TCP handshake. It speeds up successive connections to the same server.
TFO stores a cookie on the client once the initial handshake has completed. If a subsequent connection is made from the client, the cookie is sent to the server. This allows further handshakes to be performed more efficiently. With a bit of help from TCP False Start, TFO results in a Round Trip Time (RTT) of 1, as opposed to 3-RTT for standard TLS 1.2 connections. Not only is a low RTT important for reducing latency, it also means power savings for mobile devices.
The initial release of the Creators Update enabled TFO in Edge for the first time, but Microsoft disabled TFO in Edge in a recent cumulative update. Microsoft said that it caused issues for some customers but that users could manually re-enable TFO in an about:flags setting in Edge. The problem Microsoft faces is that some older firewalls and routers drop SYN packets with large headers. This led to the decision to disable the feature.
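On the wire, the cookie exchange described above appears as TCP option kind 34 (RFC 7413) in the SYN, and that option is what grows the header. The following Python code is an added example, not from the original article: it parses constructed SYN segments and reports whether each carries a cookie request, a cookie, or a cookie with data, along with the TCP header length. The function names and sample packets are assumptions made for illustration.

```python
import struct
TFO_KIND, SYN = 34, 0x02  # TFO option kind (RFC 7413), SYN flag bit

def parse_tcp(segment: bytes):
    """Return (flags, header_len, payload_len, options) for a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    off_flags = struct.unpack("!H", segment[12:14])[0]
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    raw, opts, i = segment[20:header_len], [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                           # End of Option List
            break
        if kind == 1:                           # NOP padding
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option")
        opts.append((kind, raw[i + 2:i + raw[i + 1]]))
        i += raw[i + 1]
    return off_flags & 0x01FF, header_len, len(segment) - header_len, opts

def classify_tfo(segment: bytes):
    """Return (label, tcp_header_len) describing TFO use in a segment."""
    flags, header_len, payload_len, opts = parse_tcp(segment)
    if not flags & SYN:
        return "not-syn", header_len
    cookie = next((v for k, v in opts if k == TFO_KIND), None)
    if cookie is None:
        return "no-tfo", header_len
    if not cookie:                              # empty option: client asks for a cookie
        return "cookie-request", header_len
    if 4 <= len(cookie) <= 16 and len(cookie) % 2 == 0:
        return ("cookie+data" if payload_len else "cookie"), header_len
    return "invalid-cookie", header_len

def build_syn(options: bytes, payload: bytes = b"") -> bytes:
    # Constructed sample packet: SYN from port 49152 to 443.
    options += b"\x01" * (-len(options) % 4)    # NOP-pad to a 32-bit boundary
    off_flags = (((20 + len(options)) // 4) << 12) | SYN
    return struct.pack("!HHIIHHHH", 49152, 443, 1000, 0,
                       off_flags, 64240, 0, 0) + options + payload

MSS = b"\x02\x04\x05\xb4"                       # constructed MSS option (1460)
FIRST = build_syn(MSS + bytes([TFO_KIND, 2]))   # first visit: cookie request
REPEAT = build_syn(MSS + bytes([TFO_KIND, 10]) + bytes(range(8)), b"\x16\x03\x01")
```

Running `classify_tfo` over SYNs captured on either side of a firewall or router shows whether TFO-bearing SYNs are the ones that never arrive.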
TLS 1.3 and 0-RTT
It might seem like a setback for Microsoft but the next revision of TLS aims for 0-RTT. TLS 1.3 was enabled in Google Chrome in February 2017 but it was later pulled due to some issues with endpoint security software. TLS 1.3 has not been fully ratified. Microsoft has stated that it is committed to delivering TLS 1.3. This will happen when some of the final security issues have been ironed out.
In the meantime, while I generally do not recommend straying from default settings, I have not experienced any issues in Edge with TFO enabled. Your experience might differ. TFO certainly does seem to make TLS-enabled sites snappier.
In this article, I explained how TFO can be enabled in Microsoft Edge to speed up browsing sites that use TLS. I also looked at TLS 1.3, which aims to reduce RTT to 0.