0-RTT

README.md

@@ -136,6 +136,7 @@ sudo make install
 	* OpenSSL
 	* ML-KEM
 * https://www.semanticscholar.org/paper/Energy-Profiling-and-Comparison-of-TLS-Protocols-Gatram-Reddy/9c061fe57a0008574b85919bc70fc803c6e66f06
+	* Energy Profiling and Comparison of TLS Protocols for Embedded Devices: Experimental Study
 	* 2024
 	* RaspberryPi
 	* TLS PQ, TLS KEM, TLS
@@ -185,6 +186,15 @@ sudo make install
 * https://hal.science/hal-04197885/document
 	* Empreinte carbone de la transmission de données sur le backbone RENATER
 	* 2021
+* https://ieeexplore.ieee.org/document/10971851/
+	* Optimizing TLS/SSL for IoT Devices: Performance Enhancements and Security Considerations
+	* 2024
+* https://ieeexplore.ieee.org/document/10060762/
+	* Performance Evaluation of Quantum-Resistant TLS for Consumer IoT Devices
+	* 2023
+* 
+	* Evaluating the Energy Profile of Tasks Managed by  Build Automation Tools in Continuous Integration  Workflows: The Case of Apache Maven and Gradle
+	* 2025
 
 ## Sources
 
@@ -207,29 +217,21 @@ firefox -P tlsbench
 
 In settings, disable DNS security.
 
-In `about:config`, set `devtools.chrome.enabled` to `true`.
+In `about:config`, set:
+* `devtools.chrome.enabled` to `true`
+* `network.dns.forceResolve` to `127.0.0.1`
 
 In the `about:config` tab, open the console, execute this script to override DNS for the selected names, and redirect them to localhost:
 
-```js
-const gOverride = Cc["@mozilla.org/network/native-dns-override;1"].getService(Ci.nsINativeDNSResolverOverride);
-gOverride.clearOverrides();
-var names = [
-	"apple.com", "www.apple.com",
-	"yt3.ggpht.com",
-	"accounts.google.com", "www.google.com",
-	"fonts.gstatic.com", "www.gstatic.com",
-	"mzstatic.com",
-	"wikimedia.org", "intake-analytics.wikimedia.org", "meta.wikimedia.org", "upload.wikimedia.org",
-	"wikipedia.org", "fr.wikipedia.org",
-	"youtube.com", "www.youtube.com",
-	"i.ytimg.com"
-];
-for(var i in names) {
-	gOverride.addIPOverride(names[i], "127.0.0.1");
-}
+Run the shell commands:
+
+```bash
+python exp.py make debug -c
+python exp.py update-certs debug
 ```
 
+In Firefox, go to security settings, Certificates, import `/dev/shm/exp/certs/prime256v1/ca.crt` and trust it for identifying websites.
+
 Stop anything running on ports 80 or 443.
 
 Start the record proxy:
@@ -325,7 +327,13 @@ Install OpenSSL with debug symbols:
 /usr/bin/perl ./Configure --release -g --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/x86_64-linux-gnu shared no-idea no-mdc2 no-rc5 no-ssl3 no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand enable-zlib enable-ec_nistp_64_gcc_128 linux-x86_64
 ```
 
-Backup your system's `libcrypto.so` and `libssl.so` and replace them with the new ones.
+To build rpxy with this openssl:
+
+```bash
+OPENSSL_LIB_DIR=/home/pi/reps/openssl-openssl-3.6.0/ OPENSSL_DIR=/home/pi/reps/openssl-openssl-3.6.0/ cargo build --release
+```
+
+Or: Backup your system's `libcrypto.so` and `libssl.so` and replace them with the new ones.
 It would be simpler with `LD_PRELOAD` but Rust loads dynamic libraries in a particuliar way so it doesn't work.
 
 Authorize non-root users to use perf:
@@ -372,3 +380,14 @@ Get the most used domains here https://www.akamai.com/fr/security-research/akara
 python crawler.py crawl /dev/shm/top1K.csv
 python crawler.py stat /dev/shm/crawl.json
 ```
+
+## 0-RTT
+
+```bash
+echo "hello world" > /dev/shm/ed
+openssl s_server -port 8000 -cert /dev/shm/exp/certs/prime256v1/wikipedia.org.crt -key /dev/shm/exp/certs/prime256v1/wikipedia.org.key -early_data
+# First req, without early data
+echo | openssl s_client -no-interactive -keylogfile /dev/shm/client.txt -sess_out sessions 127.0.0.1:8000
+# Second req, using 0-RTT for early data
+echo | openssl s_client -no-interactive -early_data /dev/shm/ed -keylogfile /dev/shm/client.txt -sess_in sessions 127.0.0.1:8000
+```