Getting started with ktls
tech-lists
tech-lists at zyxst.net
Wed Mar 17 16:10:33 UTC 2021
On Tue, Mar 16, 2021 at 11:46:27PM +0000, Rick Macklem wrote:
>Well, if you do "sysctl -a | fgrep kern.ipc.tls.stats" and it is working,
>you should see the count for at least one of the "crypts" ticking up.
>If they are all zero, it isn't working. That might depend on the apps
>or setup and does not necessarily indicate broken.
OK. it's "not working" by those criteria on the stable/13 rpi4.
This one has mutt (imaps) and lynx (https) installed. mutt appears to
use tlsv1.3 to connect with my email provider.
>Trying the nfs-over-tls should definitely test it. When it works, the
>data on the wire after the first couple of Null RPCs is encrypted.
>Also, if you start the daemons with "-v",
This is what i'll try once buildworld etc completes on the main/14 rpi4.
--
J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20210317/79570291/attachment.sig>
More information about the freebsd-current
mailing list