Closed Bug 1395494 Opened 4 years ago Closed 3 years ago
Gmail problem with TFO and TLS1
452.66 KB, application/x-pcapng
455.41 KB, application/x-pcapng
A tcp connection with TLS1.3 is established using the TCP Fast Open. Connection work as expected, i.e. data are send and receive. At some point there is no activity on the connection, this is a user not using gmail for couple of seconds. I have seen log and pcap with the pause about 10s and more. The packets following this pause are send but no tcp ack is received and at some point Http2 session is closed. The same behavior it seen on Chrome on Linux (Chrome does not support TFO on Windows). The combination must be TFO + TLS1.3. If TFO is turned off or TLS1.2 is used the problem does not appear.
options: turn off TFO lower h2 timeout on gmail. Or maybe for any h2 session when TFO and TLS1.3 are used. Non of the options above are good.
We could try to send h2 pings more often.
See Also: → 1380896
I can always reproduce the issue at some specific network, and it won't happen when H2 is disabled. Looking at the capture, when the connection is H1 there is TCP keep-alive every 10 seconds which keeps the TCP connection alive . Browser version: Firefox nightly 57.0a1 TFO: enabled (network.tcp.tcp_fastopen_enable = true) TLS: 1.3 (security.tls.version.max = 4) HTTP/2: disabled (network.http.spdy.enabled.http2 = false)  the network has a 10-second-timeout for only TCP connections established by TFO+TLS 1.3, which seems to be an issue and was tracked by another bug.
Bulk priority update: https://bugzilla.mozilla.org/show_bug.cgi?id=1399258
Priority: -- → P1
Hi all, TFO is currently turned off so you do not see this problem any more, but we still want to figure out what is going on. Can you tell us which operating system you were using when this bug occurred?
I'm on Arch Linux.
I was on Win 10 (64-bit) (Creators Update).
Linux (fedora and ubuntu) 64-bit.
With the fix of bug 1410147, Kershaw can reproduce the issue on MacOS.
A way to mitigate this problem was implemented in bug 1426366.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.