svn commit: r351522 - in head: sbin/ifconfig share/man/man4 sys/conf sys/kern sys/modules sys/modules/ktls_ocf sys/net sys/netinet sys/netinet/tcp_stacks sys/netinet6 sys/opencrypto sys/sys tools/t...
John Baldwin
jhb at FreeBSD.org
Tue Aug 27 16:03:41 UTC 2019
On 8/27/19 6:04 AM, Shawn Webb wrote:
> On Mon, Aug 26, 2019 at 05:14:42PM -0700, John Baldwin wrote:
>> On 8/26/19 5:01 PM, John Baldwin wrote:
>>> Author: jhb
>>> Date: Tue Aug 27 00:01:56 2019
>>> New Revision: 351522
>>> URL: https://svnweb.freebsd.org/changeset/base/351522
>>>
>>> Log:
>>> Add kernel-side support for in-kernel TLS.
>>
>> The length of the commit message notwithstanding, there is still quite a bit
>> more work to do on this front. Making use of KTLS requires an SSL library
>> that understands the new functionality, and for the full performance gain
>> you want an application that makes use of SSL_sendfile. Netflix has both
>> of these in the form of patches to OpenSSL and nginx. I'm currently working
>> on a patchset suitable for merging into upstream OpenSSL's master (the
>> Linux KTLS patches are merged into OpenSSL master already, so the FreeBSD
>> patches are fairly small).
>
> Hey John,
>
> Thanks a lot for working to get this in! I'm curious if there's any
> desire to help LibreSSL adopt same/similar patches as OpenSSL. Doing
> so would help LibreSSL on FreeBSD maintain feature parity with
> OpenSSL.
I do not have any plans to implement the needed changes in other SSL
implementations. Others are free to work on it however.
--
John Baldwin
More information about the svn-src-all
mailing list