Should we enable KERN_TLS on amd64 for FreeBSD 13?
Rick Macklem
rmacklem at uoguelph.ca
Sun Jan 10 14:40:47 UTC 2021
Miroslav Lachman wrote:
>Rick Macklem wrote:
[stuff snipped]
>>
>> I don't know what the relationship between ports and packages is,
>> but if there is soon a package for openssl-devel (with KTLS enabled
>> like it is in ports), then no build from sources would be needed for
>> openssl.
>
>If package is built with dependency on base OpenSSL then it will not use
>libraries installed by openssl-devel.
>If package is built with dependency on ports OpenSSL (security/openssl)
>then it pulls openssl package and openssl-devel will be deinstalled as
>it conflicts with other SSL implementations. They cannot coexist.
Sorry, what I meant by relationship is if/when a port becomes a package.
I am not at home, so I can't try:
# pkg install openssl-devel
to see if it works.
My point was "if it works or will work soon, then having KERN_TLS in
GENERIC would be nice, since then nothing needs to be built from source."
rick
> --> It is unfortunate that Openssl3 (openssl-devel) is still in alpha test.
>
> If there is a package for an openssl with KTLS support, then having KERN_TLS
> in GENERIC might be nice, since no source builds would be needed.
> (I have no preference w.r.t "enabled by default", since the
> sysctl can easily be set via sysctl.conf.)
>
> Although nfs-over-tls is not yet implemented for non-FreeBSD
> systems, I would like to see it become easy to enable during the
> FreeBSD release cycle and having KERN_TLS in GENERIC would
> be a step in that direction.
>
> Oh, and I'm not saying it is worth changing, but having Openssl
> use KTLS and the kernel use KERN_TLS slightly obscures the fact
> that they refer to related code.
_______________________________________________
freebsd-arch at freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe at freebsd.org"