TCP Fast Open — Disabled in Microsoft Edge

Microsoft Hero WPC

In today’s Ask the Admin, I will explain how TCP Fast Open (TFO) helps to speed up browsing in Microsoft Edge and why it has been turned off by default in the latest cumulative update for Windows 10 Creators Update.

 

 

Support for TFO has been in Windows 10 since last year’s Anniversary Update but was only enabled in Edge on the release of the Creators Update in April. TFO is a new protocol option that allows data to be sent using Transport Layer Security (TLS) in the initial TCP handshake. It speeds up successive connections to the same server.

TFO stores a cookie on the client once the initial handshake has completed. If a subsequent connection is made from the client, the cookie is sent to the server. This allows further handshakes to be performed more efficiently. TFO results in a Round Trip Time (RTT) of 1. It has a bit of help from TCP False Start, as opposed to 3-RTT for standard TLS 1.2 connections. Not only is a low RTT important for reducing latency, it also means power savings for mobile devices.

Enable TCP Fast Open in the about:flags settings in Microsoft Edge (Image Credit: Russell Smith)
Enable TCP Fast Open in the About:Flags Settings in Microsoft Edge (Image Credit: Russell Smith)

The initial release of the Creators Update enabled TFO in Edge for the first time but Microsoft disabled TFO in Edge in a recent cumulative update. Microsoft cited that it caused issues for some customers but that users could manually re-enable TFO in an about:flags setting in Edge. The problem Microsoft faces is that some older firewalls and routers drop SYN packets with large headers. This results in the decision to disable the feature.

TLS 1.3 and 0-RTT

It might seem like a setback for Microsoft but the next revision of TLS aims for 0-RTT. TLS 1.3 was enabled in Google Chrome in February 2017 but it was later pulled due to some issues with endpoint security software. TLS 1.3 has not been fully ratified. Microsoft has stated that it is committed to delivering TLS 1.3. This will happen when some of the final security issues have been ironed out.

In the meantime, while I generally do not recommend straying from default settings, I have not experienced any issues in Edge with TFO enabled. Your experience might differ. TFO certainly does seem to make TLS-enabled sites snappier.

In this article, I explained how TFO can be enabled in Microsoft Edge to speed up browsing sites that use TLS. I also looked at TLS 1.3, which aims to reduce RTT to 0.