Low-Latency TLS 1.3-aware Hole Punching

Current P2P applications using real-time communication often waste 1-2 RTTs when communicating via TLS-secured protocols. This waste is caused by middleboxes such as firewalls and network address translators that make up to 87% of nodes non-routable from the Internet. Middlebox traversal protocols like hole punching must be applied first to establish a connection to these nodes. Only then-after a node has become routable-protocols such as DTLS or QUIC can start securing the connection with a TLS-based handshake. This sequential use of hole punching and TLS introduces a redundant handshake overhead that delays connection establishment. This paper presents a middlebox traversal approach that piggybacks TLS 1.3-based handshakes to reduce connection establishment time. The approach does not require changes to the actual TLS-based handshake and thus does not negatively impact the protocol's security. As a result, our approach saves 1-2 RTTs for setting up TLS-secured communication through middleboxes and prevents attacks on the actual middlebox traversal process.