Avoid bare TCP ACKs during TLS-on-connect startup.

    We can't get the QUICKACK turned off on the accepted socket fast enough to
    stop the ACK for the ClientHello - but we get the rest, under OpenSSL.

1 files changed, 23 insertions, 2 deletions

diff --git a/test/scripts/1100-Basic-TLS/1160 b/test/scripts/1100-Basic-TLS/1160
index ce7298e47..e57867e1c 100644
--- a/test/scripts/1100-Basic-TLS/1160
+++ b/test/scripts/1100-Basic-TLS/1160
@@ -4,8 +4,29 @@
 # For GnuTLS, additionally run the daemon under sudo.
 # Tell wireshark to use DIR/spool/sslkeys for Master Secret log, and decode TCP/1225 as TLS, TLS/1225 as SMTP
 #
-# sudo exim -DSERVER=server -d+tls -bd -oX PORT_D
-exim -DSERVER=server -bd -oX PORT_D
+# We get (TLS1.3 , OpenSSL):
+#    SYN		>
+#			< SYN,ACK
+#    ACK		>
+#    Client Hello	>
+#			< Server Hello, Change Ciph, Extensions, Cert, Cert Verify, Finished
+#    Change Ciph,Finsh	>
+#			< Banner
+#    EHLO		>
+#			< EHLO resp
+#    MAIL,RCPT,DATA	>
+#			< ACK,ACK,DATA-go-ahead
+#
+# GnuTLS splits both the server records and the client response pair over two TCP segments:
+#    Client Hello	>
+#			< Server Hello, Change Ciph
+#    Change Ciph	>
+#			< Extensins, Cert, Cert Verify, Finished
+#    Finished		>
+# (otherwise the same).  The extra segments are piplined and do not incur an extra roundtrip time.
+#
+# exim -DSERVER=server -bd -oX PORT_D
+sudo exim -DSERVER=server -d+tls -bd -oX PORT_D
 ****
 exim CALLER@test.ex
 Test message. Contains FF: ÿ