From 66f5700b107dfeb6e5ca6b1b6515671375d9bda7 Mon Sep 17 00:00:00 2001
From: MDLeom <2809763-curben@users.noreply.gitlab.com>
Date: Tue, 24 Mar 2020 01:29:43 +0000
Subject: [PATCH] post(caddy-nixos-2): limited TFO support in server
---
 source/_posts/caddy-nixos-part-2.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/source/_posts/caddy-nixos-part-2.md b/source/_posts/caddy-nixos-part-2.md
index b023cd5..dbda38a 100644
--- a/source/_posts/caddy-nixos-part-2.md
+++ b/source/_posts/caddy-nixos-part-2.md
@@ -293,7 +293,7 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
 "net.ipv6.conf.all.accept_source_route" = 0;
 # Protect against tcp time-wait assassination hazards
 "net.ipv4.tcp_rfc1337" = 1;
- # Latency reduction
+ # TCP Fast Open (TFO)
 "net.ipv4.tcp_fastopen" = 3;
 ## Bufferbloat mitigations
 # Requires >= 4.9 & kernel module
@@ -302,3 +302,5 @@ Based on [Ubuntu Wiki](https://wiki.ubuntu.com/ImprovedNetworking/KernelSecurity
 "net.core.default_qdisc" = "cake";
 };
 ```
+
+TCP Fast Open ([TFO](https://en.wikipedia.org/wiki/Tcp_fast_open)) is enabled by default (`tcp_fastopen = 1`) for outgoing connection since 3.13. As of writing, TFO has limited server support; Caddy, Tor and I2Pd don't support it yet, so enabling it for incoming and outgoing connections (`3`) has no effect.