Hi Michael,

Am Freitag, den 14.12.2018, 14:59 +0000 schrieb Michael Tremer:
> Hi,
> 
> > On 14 Dec 2018, at 12:03, erik.kapfer <ummeegge(a)ipfire.org> wrote:
> > 
> > Fixes #11945
> > 
> > This do not enables TFO support in general there is still the
> > execution of
> > echo 3 > /proc/sys/net/ipv4/tcp_fastopen
> > needed after every reboot (rc.local e.g.).
> > 
> 
> Why does this not enable it? Setting that value to 3 is what the
> sysctl command does.
> 
> I am confused.

you are right, mixed there testings up but used also old descriptions.
There is no need to echo '3' to tcp_fastopen to survive reboots.
Should i amend the patch and correct the commit message ?

Did now some tests with OpenSSL-1.1.1a whereby unbound includes the TFO
configure options and DoT  seems *really* much faster then DoT on
another system without TFO support for unbound and OpenSSL-1.1.0i but
am currently not able to find some TFO usage evidence except the TFO
key

$ cat /proc/sys/net/ipv4/tcp_fastopen_key                
750532b8-36e6eb1d-800cb58e-3008f1f1

Monitoring examples like in here -->
https://blog.wasin.io/blog/2016/12/26/how-to-enable-fast-tcp-open-on-ubuntu.html
didn´t deliver any results but they are also old 
(echo 3 > /proc/sys/net/ipv4/tcp_fastopen) is in this description 
also included which is outdated, possibly the monitoring examples are too.

Best,

Erik