I have noticed that the latency of "simple" applications seems to be higher using TLS 1.3 as compared to TLS 1.2. I found issue #3906 (and #3955) and believe that a larger fix or application note is required. It is not just early data that is impacted, but all scenarios where the client is the first side to send application data after the TLS 1.3 handshake.

For the purposes of discussion, a simple application is one that does:

 SSL_connect();
 SSL_write(client_request);
 SSL_read(server_response);

In TLS 1.2, the SSL_connect() call returns after reading the server finished message.

In TLS 1.3 however, the SSL_connect() call returns just after writing the client finished message. If TCP_NODELAY is disabled (Nagle is enabled), it is likely that the sending of the client_request will be buffered by the TCP stack. The protocol change means that clients enabling TLS 1.3 will see increased latency unless they make other changes.