Original author(s) | Andrea Bittau, Mike Hamburg, Mark Handley, David Mazières, Dan Boneh and Quinn Slack. |
---|---|
Type | communication encryption protocol |
Website | tcpcrypt |
In computer networking, tcpcrypt is a transport layer communication encryption protocol.[1][2] Unlike prior protocols like TLS (SSL), tcpcrypt is implemented as a TCP extension. It was designed by a team of six security and networking experts: Andrea Bittau, Mike Hamburg, Mark Handley, David Mazières, Dan Boneh and Quinn Slack.[3] Tcpcrypt has been published as an Internet Draft.[4] Experimental user-space implementations are available for Linux, Mac OS X, FreeBSD and Windows. There is also a Linux kernel implementation.
The TCPINC (TCP Increased Security) working group was formed in June 2014 by the IETF to work on standardizing security extensions in the TCP protocol.[5] In May 2019 the working group released RFC 8547 and RFC 8548 as an experimental standard for tcpcrypt.
Tcpcrypt provides opportunistic encryption: if either side does not support this extension, then the protocol falls back to regular unencrypted TCP. Tcpcrypt also provides encryption to any application using TCP, even ones that do not know about encryption. This enables incremental and seamless deployment.[6]
Unlike TLS, tcpcrypt itself does not do any authentication, but passes a unique "session ID" down to the application; the application can then use this token for further authentication. This means that any authentication scheme can be used, including passwords or certificates. It also does a larger part of the public-key connection initiation on the client side, to reduce load on servers and mitigate DoS attacks.[6]
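The following sketch is an added example, not code from the tcpcrypt project or its specification: it shows one way an application could layer password authentication on top of the session ID, and why a proof bound to that ID fails when the connection is split into two separately encrypted legs. The function names, the PBKDF2/HMAC construction, and the random 32-byte values standing in for the session ID delivered by the stack are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def derive_key(password: bytes, salt: bytes) -> bytes:
    # Stretch the shared password into a MAC key (PBKDF2-HMAC-SHA256).
    return hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)


def auth_tag(key: bytes, session_id: bytes, role: bytes) -> bytes:
    # Bind the proof to this connection's session ID and to the sender's
    # role, so it cannot be replayed on another session or reflected back.
    return hmac.new(key, role + b"\x00" + session_id, hashlib.sha256).digest()


def verify_peer(key: bytes, local_session_id: bytes,
                peer_role: bytes, tag: bytes) -> bool:
    # Recompute the tag over the session ID *this* endpoint sees.
    expected = auth_tag(key, local_session_id, peer_role)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    salt = b"constructed-salt"  # constructed sample value
    key = derive_key(b"correct horse battery staple", salt)

    # Constructed stand-in for the session ID both endpoints of one
    # tcpcrypt connection receive from their TCP stacks.
    direct = os.urandom(32)
    client_tag = auth_tag(key, direct, b"client")
    honest = verify_peer(key, direct, b"client", client_tag)

    # Interception: two independent encrypted legs, hence two session IDs.
    leg_client, leg_server = os.urandom(32), os.urandom(32)
    relayed = auth_tag(key, leg_client, b"client")
    intercepted = verify_peer(key, leg_server, b"client", relayed)

    # A client tag echoed back must not pass as the server's proof.
    reflected = verify_peer(key, direct, b"server", client_tag)

    # A peer holding a different password derives a different key.
    wrong = verify_peer(derive_key(b"guess", salt), direct, b"client", client_tag)

    return {"honest": honest, "intercepted": intercepted,
            "reflected": reflected, "wrong_password": wrong}


if __name__ == "__main__":
    print(demo())
```

Because a captured tag lets its holder test password guesses offline, low-entropy passwords are better served by a PAKE or by a certificate signature computed over the session ID.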
The first draft of the protocol specification was published in July 2010, with reference implementations following in August. However, after initial meetings in the IETF, proponents of the protocol failed to gain traction for standardization and the project went dormant in 2011.[7]
In 2013 and 2014, following Edward Snowden's global surveillance disclosures about the NSA and agencies of other governments, the IETF took a strong stance for protecting Internet users against surveillance.[8][9] This aligns with tcpcrypt's goals of ubiquitous transparent encryption, which revived interest in standardization of the protocol. An official IETF mailing list was created for tcpcrypt in March 2014,[10] followed by the formation of the TCPINC (TCP Increased Security) working group in June[5] and a new version of the draft specification.
Tcpcrypt enforces TCP timestamps and adds its own TCP options to each data packet, amounting to 36 bytes per packet compared to plain TCP. With a mean observed packet size for TCP packets of 471 bytes,[11] this can lead to an overhead of 8% of useful bandwidth. This 36-byte overhead may not be an issue for internet connections faster than 64kbs, but it can be an issue for dial-up internet users.
Compared to TLS/SSL, tcpcrypt is designed to have a lower performance impact. In part this is because tcpcrypt does not have built-in authentication, which can be implemented by the application itself. Cryptographic primitives are used in such a way as to reduce load on the server side, because a single server usually has to provide services for far more clients than the reverse.[6]
The current user-space implementations are considered experimental and are reportedly unstable on some systems. They also do not support IPv6 yet, which is currently only supported by the Linux kernel version. It is expected that once tcpcrypt becomes a standard, operating systems will come with tcpcrypt support built in, making the user-space solution unnecessary.
Two years ago we failed to get much traction for the takeup of tcpcrypt.