TCP Fast Open (TFO): Zero-RTT Handshakes

In a standard TCP handshake, you exchange SYN, SYN-ACK, ACK before sending a single byte of data. This is 1 full Round Trip Time (RTT) wasted.

1. Sending Data in the SYN

TCP Fast Open (RFC 7413) uses a cryptographic cookie from a previous connection to prove identity. This allows the client to send the HTTP GET request inside the opening SYN packet.

2. The Middlebox Problem

Why do we not all use it? Because old corporate firewalls and carrier-grade NAT routers see a SYN packet with data payload as "malformed" and drop it. This is why enabling TFO is still risky for public websites, but excellent for private APIs.