# Enhanced Performance for the encrypted Web through TLS Resumption across   Hostnames

**Authors:** Erik Sy, Moritz Moennich, Tobias Mueller, Hannes Federrath, and Mathias Fischer

arXiv: 1902.02531 · 2019-02-08

## TL;DR

This paper introduces a TLS extension that enables cross-hostname session resumption, significantly reducing connection delays and cryptographic overhead for the encrypted web.

## Contribution

It proposes a novel TLS extension allowing clients to resume sessions across hostnames, challenging current TLS 1.3 recommendations and improving web performance.

## Key findings

- 58.7% of TLS handshakes can be resumed across hostnames
- 44% reduction in CPU time for TLS connections
- up to 30.6% faster connection establishment for websites

## Abstract

TLS can resume previous connections via abbreviated resumption handshakes that significantly decrease the delay and save expensive cryptographic operations. For that, cryptographic TLS state from previous connections is reused. TLS version 1.3 recommends to avoid resumption handshakes, and thus the reuse of cryptographic state, when connecting to a different hostname. In this work, we reassess this recommendation, as we find that sharing cryptographic TLS state across hostnames is a common practice on the web. We propose a TLS extension that allows the server to inform the client about TLS state sharing with other hostnames. This information enables the client to efficiently resume TLS sessions across hostnames. Our evaluation indicates that our TLS extension provides huge performance gains for the web. For example, about 58.7% of the 20.24 full TLS handshakes that are required to retrieve an average website on the web can be converted to resumed connection establishments. This yields to a reduction of 44% of the CPU time consumed for TLS connection establishments. Furthermore, our TLS extension accelerates the connection establishment with an average website by up to 30.6% for TLS 1.3. Thus, our proposal significantly reduces the (energy) costs and the delay overhead in the encrypted web.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.02531/full.md

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1902.02531/full.md

## References

16 references — full list in the complete paper: https://tomesphere.com/paper/1902.02531/full.md

---
Source: https://tomesphere.com/paper/1902.02531