git: aa906e2a4957 - main - OpenSSL: Support for kernel TLS offload (KTLS)
John Baldwin
jhb at FreeBSD.org
Tue Feb 2 00:36:26 UTC 2021
On 1/31/21 10:41 AM, Guido Falsi wrote:
> On 28/01/21 19:25, John Baldwin wrote:
>> The branch main has been updated by jhb:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=aa906e2a4957db700d9e6cc60857e1afe1aecc85
>>
>> commit aa906e2a4957db700d9e6cc60857e1afe1aecc85
>> Author: John Baldwin <jhb at FreeBSD.org>
>> AuthorDate: 2021-01-16 00:17:31 +0000
>> Commit: John Baldwin <jhb at FreeBSD.org>
>> CommitDate: 2021-01-28 18:24:13 +0000
>>
>> OpenSSL: Support for kernel TLS offload (KTLS)
>>
>> This merges upstream patches from OpenSSL's master branch to add
>> KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
>> offload and SSL_sendfile support on both Linux and FreeBSD.
>>
>> Note that TLS 1.3 only supports TX offload.
>>
>> A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
>> KTLS support. It defaults to enabled on amd64 and disabled on all
>> other architectures.
>>
>> Reviewed by: jkim (earlier version)
>> Approved by: secteam
>> Obtained from: OpenSSL (patches from master)
>> MFC after: 1 week
>> Relnotes: yes
>> Sponsored by: Netflix
>> Differential Revision: https://reviews.freebsd.org/D28273
>> ---
>
> This commit causes a strange interaction/regression with subverison
> client when using https protocol.
>
> I filed a bug report about this:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135
>
> Workarounds:
>
> - Compiling system defining WITHOUT_OPENSSL_KTLS
> - using the svn:// scheme
Hmm, that is certainly odd. I did reproduce it locally and it wasn't
even trying to use KTLS (didn't invoke the socket option in the ktrace
I had). I will work on debugging this more tomorrow.
--
John Baldwin
More information about the dev-commits-src-all
mailing list