Closed Bug 1395494 Opened 4 years ago Closed 3 years ago

Gmail problem with TFO and TLS1.3


(Core :: Networking: HTTP, defect, P2)

57 Branch



Tracking Status
firefox57 --- affected


(Reporter: dragana, Assigned: dragana)



(Whiteboard: [necko-triaged])


(2 files)

A tcp connection with TLS1.3 is established using the TCP Fast Open. Connection work as expected, i.e. data are send and receive.

At some point there is no activity on the connection, this is a user not using gmail for couple of seconds.

I have seen log and pcap with the pause about 10s and more.

The packets following this pause are send but no tcp ack is received and at some point Http2 session is closed.

The same behavior it seen on Chrome on Linux (Chrome does not support TFO on Windows).

The combination must be TFO + TLS1.3. If TFO is turned off or TLS1.2 is used the problem does not appear.
turn off TFO
lower h2 timeout on gmail. Or maybe for any h2 session when TFO and TLS1.3 are used.

Non of the options above are good.
We could try to send h2 pings more often.
Whiteboard: [necko-active]
I can always reproduce the issue at some specific network, and it won't happen when H2 is disabled. Looking at the capture, when the connection is H1 there is TCP keep-alive every 10 seconds which keeps the TCP connection alive [1].

Browser version: Firefox nightly 57.0a1
TFO: enabled (network.tcp.tcp_fastopen_enable = true)
TLS: 1.3 (security.tls.version.max = 4)
HTTP/2: disabled (network.http.spdy.enabled.http2 = false)

[1] the network has a 10-second-timeout for only TCP connections established by TFO+TLS 1.3, which seems to be an issue and was tracked by another bug.
It becomes reproducible in H1, if I do the same thing as comment 3, but increase the value of network.http.tcp_keepalive.short_lived_idle_time from 10 to 30.

So, the suggestion in comment 2 might solve the problem.
Bulk priority update:
Priority: -- → P1
Priority: P1 → P2
Whiteboard: [necko-active]
Whiteboard: [necko-triaged]
Hi all,

TFO is currently turned off so you do not see this problem any more, but we still want to figure out what is going on.
Can you tell us which operating system you were using when this bug occurred?
Flags: needinfo?(tcampbell)
Flags: needinfo?(stephen.donner)
Flags: needinfo?(nika)
Flags: needinfo?(gandalf)
Flags: needinfo?(bugmail)
I'm on Arch Linux.
Flags: needinfo?(gandalf)
I was on Win 10 (64-bit) (Creators Update).
Flags: needinfo?(tcampbell)
Linux 64-bit
Flags: needinfo?(bugmail)
Linux (fedora and ubuntu) 64-bit.
Flags: needinfo?(nika)
With the fix of bug 1410147, Kershaw can reproduce the issue on MacOS.
Flags: needinfo?(stephen.donner)
A way to mitigate this problem was implemented in bug 1426366.
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.