Re: How to use ktls with openssl in base
- Reply: Konstantin Belousov : "Re: How to use ktls with openssl in base"
- In reply to: Alexander Leidinger : "Re: How to use ktls with openssl in base"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 13 Sep 2025 12:49:38 UTC
On 13/09/2025 10:46, Alexander Leidinger wrote: > For nginx it is "ssl_conf_command Options KTLS;", nothing in openssl.cnf > needed then. No special build options for src, only > kern.ipc.tls.enable=1 in sysctl.conf. Ah, excellent, just tried and this works with nginx as expected. I do need the line in nginx.conf, the changes I made to the global openssl.cnf dont enable it "by default" which is what I was hoping would happen. But the stats (the ones Marke pointed me to below) do go up now. On 13/09/2025 13:32, Marek Zarychta wrote: > Please don’t expect Apache 2.4 to benefit from KTLS[1]. Nginx is proven > to work since a few years. If you want to check whether KTLS is active > (for Nginx or another application), watch the > kern.ipc.tls.stats.ocf statistics. > > 1. https://reviews.freebsd.org/D28932 > Ahhhh.... OK, thats very useful. Both bits actually, as I was looking at the wrong set of stats to see if it was working. Annoying that Apache doesnt work, but I appreciate the various suggetsions from ppl, thanks :-) I shall stop wasting time trying to make something work, which can't. cheers, -pete.