X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/90e0b2485d19eea5e93b5adad2fbcce5fc48a237..af8a610f0b90ae66f32b7c6ec31381bdd8457b59:/test/scripts/1100-Basic-TLS/1160?ds=sidebyside diff --git a/test/scripts/1100-Basic-TLS/1160 b/test/scripts/1100-Basic-TLS/1160 index ce7298e47..77eef1f06 100644 --- a/test/scripts/1100-Basic-TLS/1160 +++ b/test/scripts/1100-Basic-TLS/1160 @@ -4,6 +4,50 @@ # For GnuTLS, additionally run the daemon under sudo. # Tell wireshark to use DIR/spool/sslkeys for Master Secret log, and decode TCP/1225 as TLS, TLS/1225 as SMTP # +# We get (TLS1.3 , OpenSSL): +# SYN > +# < SYN,ACK +# ACK > +# Client Hello > +# < Server Hello, Change Ciph, Extensions, Cert, Cert Verify, Finished +# Change Ciph,Finsh > +# < Banner +# EHLO > +# < EHLO resp +# MAIL,RCPT,DATA > +# < ACK,ACK,DATA-go-ahead +# +# GnuTLS splits both the server records and the client response pair over two TCP segments: +# Client Hello > +# < Server Hello, Change Ciph +# Change Ciph > +# < Extensins, Cert, Cert Verify, Finished +# Finished > +# (otherwise the same). The extra segments are piplined and do not incur an extra roundtrip time. +# +# To see that pipelining: +# sudo tc qdisc add dev lo root netem delay 50ms / sudo tc qdisc delete dev lo root +# +# To test TFO, enable in the transport in the conf/ file +# With TFO we get the Client Hello on the SYN, and the initial Server segment pipelined with/after the SYN,ACK +# and before the 3rd-ACK. We still can't merge the 3rd-ACK with the second Client record set, +# but it does ack the initial Server data. +# +# To see the TFO((R): +# First clear any previously-obtained cookie: +#sudo perl +#open(INFO, "-|", "/usr/bin/uname -s"); +#$_ = ; +#if (/^FreeBSD/) { +#system("sysctl net.inet.tcp.fastopen.client_enable=0"); system("sysctl net.inet.tcp.fastopen.client_enable=1"); +#} else { +#system ("[ -e /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec ] && echo 0 > /proc/sys/net/ipv4/tcp_fastopen_blackhole_timeout_sec"); +#system ("ip tcp_metrics delete 127.0.0.1"); +#} +# +#**** +# +# # sudo exim -DSERVER=server -d+tls -bd -oX PORT_D exim -DSERVER=server -bd -oX PORT_D ****