svn commit: r351522 - in head: sbin/ifconfig share/man/man4 sys/conf sys/kern sys/modules sys/modules/ktls_ocf sys/net sys/netinet sys/netinet/tcp_stacks sys/netinet6 sys/opencrypto sys/sys tools/t...
Shawn Webb
shawn.webb at hardenedbsd.org
Tue Aug 27 13:04:31 UTC 2019
On Mon, Aug 26, 2019 at 05:14:42PM -0700, John Baldwin wrote:
> On 8/26/19 5:01 PM, John Baldwin wrote:
> > Author: jhb
> > Date: Tue Aug 27 00:01:56 2019
> > New Revision: 351522
> > URL: https://svnweb.freebsd.org/changeset/base/351522
> >
> > Log:
> > Add kernel-side support for in-kernel TLS.
>
> The length of the commit message notwithstanding, there is still quite a bit
> more work to do on this front. Making use of KTLS requires an SSL library
> that understands the new functionality, and for the full performance gain
> you want an application that makes use of SSL_sendfile. Netflix has both
> of these in the form of patches to OpenSSL and nginx. I'm currently working
> on a patchset suitable for merging into upstream OpenSSL's master (the
> Linux KTLS patches are merged into OpenSSL master already, so the FreeBSD
> patches are fairly small).
Hey John,
Thanks a lot for working to get this in! I'm curious if there's any
desire to help LibreSSL adopt same/similar patches as OpenSSL. Doing
so would help LibreSSL on FreeBSD maintain feature parity with
OpenSSL.
I respect your opinion and would love to hear your thoughts.
Thanks,
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera at is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-src-head/attachments/20190827/42f7d93d/attachment.sig>
More information about the svn-src-head
mailing list