A TLS false start is a feature of Transport Layer Security that reduces some of the latency required by the protocol‘s encryption and authentication processes. Transport Layer Security (TLS) superseded SSL (Secure Socket Layer) protocols, and both are intended to encrypt Internet sessions between two parties, a client and a server. The client, usually an individual Internet user, and the server, a website or network, must communicate to establish a connection to transfer data. TLS is a protocol that aims to secure that connection so that attackers cannot steal confidential information from the Internet session (such as a bank account login or credit card purchase).
The TLS handshake process creates a secure channel to establish an encryption key by:
- Deciding which cipher to use
- Choosing a TLS version that works for both
- Authenticating the parties’ identities, perhaps by using a digital certificate authority
The TLS protocol causes higher latency because the handshake and encryption process takes longer than an unsecured Internet session protocol would. Choosing which cipher the client and server will use takes time, as does authentication. The term false start refers to beginning the transfer of data a little bit early when one of the parties has already completed the choice of cipher and authenticated their identity but has not received confirmation of the same from the other party. This reduces latency somewhat.
A TLS false start is intended to speed the significantly slowed TLS protocol. A client or server can begin to transmit data more quickly. A false start reduces the round trip time (RTT) of the TLS protocol from two to one.
