We show how to establish TLS connections using one less round trip. In our approach, which we call TurboTLS, the initial client-to-server and server-to-client flows of the TLS handshake are sent over UDP rather than TCP. At the same time, in the same flights, the three-way TCP handshake is carried out. Once the TCP connection is established, the client and server can complete the final flight of the TLS handshake over the TCP connection and continue using it for application data. No changes are made to the contents of the TLS handshake protocol, only its delivery mechanism. We avoid problems with UDP fragmentation by using request-based fragmentation, in which the client sends in advance enough UDP requests to provide sufficient room for the server to fit its response with one response packet per request packet. Clients can detect which servers support this without an additional round trip, if the server advertises its support in a DNS HTTPS resource record. Experiments using our software implementation show substantial latency improvements. On reliable connections, we effectively eliminate a round trip without any noticeable cost. To ensure adequate performance on unreliable connections, we use lightweight packet ordering and buffering; we can have a client wait a very small time to receive a potentially lost packet (e.g., a fraction of the RTT observed for the first fragment) before falling back to TCP without any further delay, since the TCP connection was already in the process of being established. This approach offers substantial performance improvements with low complexity, even in heterogeneous network environments with poorly configured middleboxes.
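As an added illustration (not the paper's implementation), the following Python simulation models request-based fragmentation and the client's short wait-then-fall-back decision described above: the client sends enough UDP requests for the server to return its flight one fragment per request, buffers fragments in any order, and gives up on the UDP path once a fraction of the observed RTT has elapsed. The header layout, the 1200-byte datagram budget and the wait fraction are assumptions, not values from the paper.

```python
from __future__ import annotations
import struct

MAX_UDP_PAYLOAD = 1200        # assumed per-datagram budget, kept below common path MTUs
HDR = struct.Struct("!HHH")   # assumed framing: connection id, fragment index, fragment count
CHUNK = MAX_UDP_PAYLOAD - HDR.size

def build_requests(client_flight: bytes, expected_server_len: int, conn_id: int) -> list[bytes]:
    """Client side: request 0 carries the TLS client flight; the extra (empty) requests give
    the server room to answer with exactly one response datagram per request datagram."""
    if len(client_flight) > CHUNK:
        raise ValueError("client flight itself would need IP fragmentation")
    n = max(1, -(-expected_server_len // CHUNK))          # ceiling division
    return [HDR.pack(conn_id, i, n) + (client_flight if i == 0 else b"") for i in range(n)]

def answer_requests(requests: list[bytes], server_flight: bytes) -> list[bytes]:
    """Server side: fragment i of the server's handshake flight rides in the response to request i."""
    conn_id, _, n = HDR.unpack_from(requests[0])
    if len(server_flight) > n * CHUNK:
        raise ValueError("client under-provisioned requests; flight must go over TCP instead")
    return [HDR.pack(conn_id, i, n) + server_flight[i * CHUNK:(i + 1) * CHUNK] for i in range(n)]

def reassemble(arrivals: list[tuple[float, bytes]], conn_id: int, wait_fraction: float = 0.25) -> bytes | None:
    """Client side. arrivals = (arrival time, datagram) pairs with the requests sent at t=0,
    so the first fragment's arrival time is the observed RTT. The client waits a further
    wait_fraction * RTT for stragglers; anything later is ignored. Returns the reassembled
    server flight, or None meaning 'abandon the UDP path, finish on the TCP connection'."""
    ours = sorted((t, d) for t, d in arrivals if HDR.unpack_from(d)[0] == conn_id)
    if not ours:
        return None
    rtt = ours[0][0]
    deadline = rtt + wait_fraction * rtt
    buf: dict[int, bytes] = {}
    count = 0
    for t, dgram in ours:
        if t > deadline:
            break                                             # TCP is already up; stop waiting
        _, idx, count = HDR.unpack_from(dgram)
        buf[idx] = dgram[HDR.size:]
    if len(buf) != count:
        return None                                           # lost fragment: fall back to TCP
    return b"".join(buf[i] for i in range(count))
```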