Alex alex at
Fri Dec 20 21:06:59 UTC 2013

On 2013-12-20 21:19, Maxim Konovalov wrote:
> On 12/19/13 1:59 PM, athalas wrote:
>> Where would we find documentation on the "fastopen" parameter?

In the documentation above it's pointed out that the server needs to
tolerate the possibility of receiving duplicate initial SYN segments. I
am not exactly sure on what level I would ensure that the server
performs properly in this regard. According to the draft on TFO
(, 2.1.:

   Rather than trying to capture all the dubious SYN packets to make TFO
   100% compatible with TCP semantics, we've made a design decision
   early on to accept old SYN packets with data, i.e., to allow TFO for
   a class of applications that are tolerant of duplicate SYN packets
   with data, e.g., idempotent or query type transactions. We believe
   this is the right design trade-off balancing complexity with
   usefulness. There is a large class of applications that can tolerate
   dubious transaction requests.

   For this reason, TFO MUST be disabled by default, and only enabled
   explicitly by applications on a per service port basis.

Wouldn't it be the responsibility of nginx (the application) to handle
duplicate SYNs?

More information about the nginx mailing list