Best current practices for TCP-ENO configuration
TCP-ENO negotiates encryption of TCP connections, protecting legacy applications and protocols from passive eavesdropping. TCP-ENO generally falls back to unencrypted TCP when not supported by both endpoints or the network. Nonetheless, certain middlebox behavior could cause TCP connections to fail entirely in conjunction with TCP- ENO. This document specifies conventions for servers against which TCP-ENO machines can test network paths for TCP-ENO compatibility, and describes the best current practice for enabling TCP-ENO only when it is unlikely to cause connection failure.