Why TLS 1.3 Still Takes 2 RTTs: Debugging Nagle’s Algorithm and TCP Delays

1. Introduction

Before the main text, the primary differences between TLS 1.3 and TLS 1.2 are introduced: faster response (handshake reduced from 2 RTT to 1 RTT, plus a 0‑RTT mode) and higher security (more encrypted handshake data and a dramatically simplified cipher‑suite list—only five suites versus hundreds in TLS 1.2).

The author upgraded a service to TLS 1.3 but observed that the round‑trip time did not decrease as expected, prompting a detailed investigation.

2. Troubleshooting

Testing the server shows an RTT of about 36 ms, yet the TLS handshake still consumes 2 RTT. A Wireshark capture reveals that the additional RTT appears at packet 12, where the server sends the Certificate Verify and Finished messages only after receiving the client’s ACK for packet 9.

Further analysis of TCP factors that affect how much data can be sent in a single burst includes receive window size, MSS, congestion control (slow start and congestion avoidance), and tcp_wmem settings.

The configuration tcp_nodelay off enables Nagle’s algorithm, which aggregates small packets to improve efficiency at the cost of added latency.

Nagle’s algorithm works by delaying transmission of small segments until an ACK is received or enough data accumulates to fill an MSS. Its rules are:

Full‑size packets may be sent immediately.

Packets containing FIN may be sent.

If TCP_NODELAY is set, send immediately.

All small packets have been acknowledged, then send.

If none of the above apply, send after a timeout (≈200 ms).

In the capture, packets 9 and 12 are small, so the server waited for the ACK of packet 9 before sending packet 12, adding one RTT.

Because Nagle’s algorithm adds latency, it is unsuitable for latency‑sensitive scenarios like TLS 1.3 handshakes. Disabling it (setting TCP_NODELAY) reduced the handshake to the expected 1 RTT.

3. Conclusion

After disabling Nagle’s algorithm, the TLS handshake time dropped to 1 RTT, reducing first‑visit latency for domestic users by 10‑40 ms and for overseas users by up to several hundred milliseconds.

This experience demonstrates that while TLS 1.3 promises a logical 1‑RTT handshake, the actual end‑to‑end latency is still influenced by lower‑layer protocols such as TCP.

Recommended Reading

Detailed analysis of RFC 8446 (TLS 1.3)

TLS 1.3 wish list

RFC 8446 specification

Nagle algorithm and TCP packet coalescing

RFC 896 (TCP congestion control)