Edge Browser Microsoft

TCP Fast Open, alongside TLS False Start and TLS 1.3 are Microsoft’s trump cards in providing enhanced user experience and security with the Edge browser by deploying encryption without slowing down the internet. The TCP Fast Open option is located in the about:flags settings of Windows Insider Preview builds that have EdgeHTML 14.14361 or higher.

microsoft-edge-about-flags-windows blog

TLS False Start allows the client to start sending encrypted data to servers immediately after the connection is established. When augmented with TCP Fast Open, data can be sent even before connections end and allows immediate delivery of responses.

Microsoft says that using TLS 1.3 may remove the typical delays of connections entirely.

The tricky process of encryption

In practice, adding modern encryption requires more data transfers between servers and clients which add hundreds of milliseconds to page load time. These “round trip times” (RTT) might be enough for users to switch to new websites.

Today, more than half of web connections use TLS (Transport Layer Security protocol) for secure network traffic by providing secure communication between servers and clients. TLS operates on top of TCP (Transmission Control Protocol) which establishes and maintains connections until programs at each end finish exchanging messages.

Current connections requiring TLS over TCP needs 3-RTT. However, Microsoft Edge can already utilize TCP Fast Open and TLS False Start to reduce the delay from 3-RTT to 1-RTT.

The new TLS 1.3 standard to be released this summer might remove the delay completely (0-RTT) while still encrypting content.

However, this is tricky as it requires sending key material and encrypted data from the client without waiting for feedback. This makes data at risk of being captured by adversaries.

These issues are likely to be resolved when the TLS 1.3 comes out. In the meantime, TCP Fast Open and TLS False Start can be enabled on Windows Insider Preview builds as an intermittent solution.