Guido Falsi wrote: [good stuff snipped] >Performed a full bisect. Tracked it down to commit aa906e2a4957, adding >KTLS support to embedded OpenSSL. > >I filed a bug report about this: > >https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253135 > > >Apart from switching to svn:// scheme, another workaround is to build >base using WITHOUT_OPENSSL_KTLS. Just fyi, when I tested the daemons I have for nfs-over-tls (which use ktls), they acted like things were ok (no handshake problems), but the data ended up on the wire unencrypted (nfs-over-tls doesn't do a SSL_write(), so it depends on ktls to do the encryption).
Since these daemons work fine with openssl3 in ports/security/openssl-devel, I suspect the ktls backport is not quite right. I've sent jhb@ email. rick -- Guido Falsi <m...@madpilot.net> _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org" _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
