AnsweredAssumed Answered

TCP Fast Open status scanning

Question asked by Avamander S on Dec 9, 2018

It would be really nice if the SSL Server Test also took one brief look at if the destination server supports TCP Fast Open, I know it isn't strictly the scanners job to show that but HTTP version is displayed, why not go one layer lower. If TCP options are looked at then possibly detecting TCP_NODELAY and maybe even TCP_CORK/TCP_NOPUSH wouldn't hurt either. (These options could also be looked at in the client test actually, but I digress.)

 

One additional thing, I think SSL Server Test has had a really great impact on the general security of web servers displaying TFO status could motivate server owners to enable it and thus possibly improve general browsing experience. Oh, and there'd actually finally be a place online where TFO deployment % could be checked.

Outcomes