On Tue, Mar 16, 2021 at 11:46:27PM +0000, Rick Macklem wrote:
Well, if you do "sysctl -a | fgrep kern.ipc.tls.stats" and it is working, you should see the count for at least one of the "crypts" ticking up. If they are all zero, it isn't working. That might depend on the apps or setup and does not necessarily indicate broken.
OK. it's "not working" by those criteria on the stable/13 rpi4. This one has mutt (imaps) and lynx (https) installed. mutt appears to use tlsv1.3 to connect with my email provider.
Trying the nfs-over-tls should definitely test it. When it works, the data on the wire after the first couple of Null RPCs is encrypted.Also, if you start the daemons with "-v",
This is what i'll try once buildworld etc completes on the main/14 rpi4. -- J.
signature.asc
Description: PGP signature
