Improve documentation about dynamic TLS records

essentialkaos · May 4, 2024 · 54c8680 · 54c8680
1 parent b733caa
commit 54c8680
Showing 1 changed file with 25 additions and 28 deletions.
diff --git a/DYNAMIC_TLS_RECORDS.md b/DYNAMIC_TLS_RECORDS.md
@@ -8,8 +8,7 @@
 
 ### What we do now
 
-We use a static record size of 4K.
-This gives a good balance of latency and throughput.
+We use a static record size of 4K. This gives a good balance of latency and throughput.
 
 #### Configuration
 
@@ -23,42 +22,40 @@ http {
 
 #### Optimize latency
 
-By initialy sending small (1 TCP segment) sized records,
-we are able to avoid HoL blocking of the first byte.
-This means TTFB is sometime lower by a whole RTT.
+By initialy sending small (_1 TCP segment_) sized records, we are able to avoid HoL blocking of the first byte. This means TTFB is sometime lower by a whole RTT.
 
 #### Optimizing throughput
 
 By sending increasingly larger records later in the connection,
 when HoL is not a problem, we reduce the overhead of TLS record
-(29 bytes per record with GCM/CHACHA-POLY).
+(_29 bytes per record with `GCM/CHACHA-POLY`_).
 
 #### Logic
 
 Start each connection with small records
-(1369 byte default, change with `ssl_dyn_rec_size_lo`).
+(_1369 byte default, change with `ssl_dyn_rec_size_lo`_).
 
-After a given number of records (40, change with `ssl_dyn_rec_threshold`)
-start sending larger records (4229, `ssl_dyn_rec_size_hi`).
+After a given number of records (_40, change with `ssl_dyn_rec_threshold`_)
+start sending larger records (_4229, `ssl_dyn_rec_size_hi`_).
 
 Eventually after the same number of records,
-start sending the largest records (`ssl_buffer_size`).
+start sending the largest records (_`ssl_buffer_size`_).
 
 In case the connection idles for a given amount of time
-(1s, `ssl_dyn_rec_timeout`), the process repeats itself
-(i.e. begin sending small records again).
+(_1s, `ssl_dyn_rec_timeout`_), the process repeats itself
+(_i.e. begin sending small records again_).
 
 ### Configuration directives
 
 #### ssl_dyn_rec_enable
-* **syntax**: `ssl_dyn_rec_enable bool`
-* **default**: `off`
-* **context**: `http`
+- Syntax: **ssl_dyn_rec_enable** _bool_;
+- Default: ssl_dyn_rec_enable off;
+- Context: http, server
 
 #### ssl_dyn_rec_timeout
-* **syntax**: `ssl_dyn_rec_timeout number`
-* **default**: `1000`
-* **context**: `http`
+- Syntax: **ssl_dyn_rec_timeout** _number_;
+- Default: ssl_dyn_rec_timeout 1000;
+- Context: http, server
 
 We want the initial records to fit into one TCP segment
 so we don't get TCP HoL blocking due to TCP Slow Start.
@@ -72,25 +69,25 @@ the process from the start. The actual parameters are
 configurable. If `ssl_dyn_rec_timeout` is `0`, we assume `ssl_dyn_rec` is `off`.
 
 #### ssl_dyn_rec_size_lo
-* **syntax**: `ssl_dyn_rec_size_lo number`
-* **default**: `1369`
-* **context**: `http`
+- Syntax: **ssl_dyn_rec_size_lo** _number_;
+- Default: ssl_dyn_rec_size_lo 1369;
+- Context: http, server
 
 Default sizes for the dynamic record sizes are defined to fit maximal
 TLS + IPv6 overhead in a single TCP segment for lo and 3 segments for hi:
-1369 = 1500 - 40 (IP) - 20 (TCP) - 10 (Time) - 61 (Max TLS overhead)
+1369 = 1500 - 40 (_IP_) - 20 (_TCP_) - 10 (_Time_) - 61 (_Max TLS overhead_)
 
 #### ssl_dyn_rec_size_hi
-* **syntax**: `ssl_dyn_rec_size_hi number`
-* **default**: `4229`
-* **context**: `http`
+- Syntax: **ssl_dyn_rec_size_hi** _number_;
+- Default: ssl_dyn_rec_size_hi 4229;
+- Context: http, server
 
 4229 = (1500 - 40 - 20 - 10) * 3  - 61
 
 #### ssl_dyn_rec_threshold
-* **syntax**: `ssl_dyn_rec_threshold number`
-* **default**: `40`
-* **context**: `http`
+- Syntax: **ssl_dyn_rec_threshold** _number_;
+- Default: ssl_dyn_rec_threshold 40;
+- Context: http, server
 
 ### License