We show how to establish TLS connections using one less round trip. In our approach, which we call TurboTLS, the initial client-to-server and server-to-client flows of the TLS handshake are sent over UDP rather than TCP. At the same time, in the same flights, the three-way TCP handshake is carried out. Once the TCP connection is established, the client and server can complete the final flight of the TLS handshake over the TCP connection and continue using it for application data. No changes are made to the contents of the TLS handshake protocol, only its delivery mechanism. We avoid problems with UDP fragmentation by using request-based fragmentation, in which the client sends in advance enough UDP requests to provide sufficient room for the server to fit its response with one response packet per request packet. Clients can detect which servers support this without an additional round trip, if the server advertises its support in a DNS HTTPS resource record. Experiments using our software implementation show substantial latency improvements. On reliable connections, we effectively eliminate a round trip without any noticeable cost. To ensure adequate performance on unreliable connections, we use lightweight packet ordering and buffering; we can have a client wait a very small time to receive a potentially lost packet (e.g., a fraction of the RTT observed for the first fragment) before falling back to TCP without any further delay, since the TCP connection was already in the process of being established. This approach offers substantial performance improvements with low complexity, even in heterogeneous network environments with poorly configured middleboxes.

翻译：我们展示了如何通过减少一次往返来建立TLS连接。在我们的方法（称为TurboTLS）中，TLS握手的初始客户端到服务器以及服务器到客户端数据流通过UDP而非TCP发送。同时，在同一数据流中完成三次TCP握手。一旦TCP连接建立，客户端和服务器即可通过该TCP连接完成TLS握手的最终数据流，并继续使用它传输应用数据。我们对TLS握手协议的内容未作任何修改，仅改变了其传输机制。通过采用基于请求的分片技术——客户端预先发送足够多的UDP请求，为服务器提供足够的空间，使其能以每个请求包对应一个响应包的方式容纳响应——我们避免了UDP分片问题。若服务器在DNS HTTPS资源记录中通告其支持，客户端无需额外往返即可检测支持该协议的服务器。使用我们软件实现的实验显示了显著的延迟改进。在可靠连接上，我们实际上在不产生任何明显代价的情况下消除了一个往返。为确保在不可靠连接上获得充分性能，我们采用了轻量级的数据包排序和缓冲；客户端可以等待极短时间（例如，第一个分片观测到的RTT的一部分）以接收可能丢失的数据包，然后再回退到TCP而无需进一步延迟，因为此时TCP连接已在建立过程中。即使是在中间盒配置不佳的异构网络环境中，该方法也能以低复杂度提供显著的性能提升。