> On 27 Jan 2022, at 16:48, Anoop Alias <anoopalia...@gmail.com> wrote:
>
> Hi,
>
> I am trying to implement/test ktls as per the blog article
>
> https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/#tls-protocol
>
> ###########################
> This is done on CentOS8 VM
>
> # uname -r
> 4.18.0-348.7.1.el8_5.x86_64
> ###########################
> # openssl-3.0.1/.openssl/bin/openssl ciphers
> [..]
>
> ###########################
> # /usr/sbin/nginx-debug -V
> nginx version: nginx/1.21.6
> built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
> built with OpenSSL 3.0.1 14 Dec 2021
> TLS SNI support enabled
> configure arguments: --with-debug --prefix=/etc/nginx
> --sbin-path=/usr/sbin/nginx --modules-path=/etc/nginx/modules
> --with-pcre=./pcre2-10.39 --with-pcre-jit --with-zlib=./zlib-1.2.11
> --with-openssl=./openssl-3.0.1 --with-openssl-opt=enable-ktls
> --with-openssl-opt=enable-tls1_3 --conf-path=/etc/nginx/nginx.conf
> --error-log-path=/var/log/nginx/error_log
> ############################
> The debug log does not show any signs of ktls in use
> [..]
> [root@65-108-156-104 nginx-1.21.6]# grep SSL_sendfile
> /var/log/nginx/error_log
> [root@65-108-156-104 nginx-1.21.6]# grep BIO /var/log/nginx/error_log
> [root@65-108-156-104 nginx-1.21.6]#
>
> There is no SSL_sendfile in the log
>
> ##############################################
> # TLS Settings
> ssl_protocols TLSv1.3;
> ssl_session_cache shared:SSL:32m;
> ssl_dhparam /etc/nginx/ssl/dhparam.pem;
> ssl_session_timeout 1d;
> ssl_session_tickets off;
> ssl_ocsp_cache shared:ocspcache:10m;
>
>
> server{
> ...
> ssl_conf_command Options KTLS;
> ..
> }
> #################################################
> What am I doing wrong?
>

Make sure you have enabled sendfile in the configuration.
Note that Linux 4.18 as distributed with CentOS 8 implements
no KTLS for TLSv1.3 ciphers, and a quite limited number of ciphers
for TLSv1.2.

-- 
Sergey Kandaurov
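
The checks from this thread (KTLS option set, sendfile enabled, kernel versus TLSv1.3, and the poster's grep for SSL_sendfile) collected into one script, as an added example that is not code from the thread or from nginx. The function names, finding names and sample config are constructed for illustration, and applying the reply's 4.18 statement to older kernels as well is an assumption of this example.

```python
import re

# Constructed sample: the settings quoted in the thread, as `nginx -T` would dump them.
SAMPLE_CONF = """
ssl_protocols TLSv1.3;
ssl_session_tickets off;
server {
    ssl_conf_command Options KTLS;
}
"""

def directives(conf_text):
    """Yield each directive as a token list; comments and block nesting are ignored."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # simplification: no '#' inside quoted values
    for stmt in re.split(r"[;{}]", text):
        tokens = stmt.split()
        if tokens:
            yield tokens

def kernel_version(release):
    """Turn a `uname -r` string such as '4.18.0-348.7.1.el8_5.x86_64' into (4, 18)."""
    m = re.match(r"(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2))

def ktls_findings(conf_text, kernel_release, debug_log=None):
    """Return the names (hypothetical labels) of the thread's checks that fail."""
    ds = list(directives(conf_text))
    findings = []
    # Matches the exact form used in the thread: ssl_conf_command Options KTLS;
    if not any(d[:2] == ["ssl_conf_command", "Options"] and "KTLS" in d[2:] for d in ds):
        findings.append("ktls-option-missing")
    if not any(d == ["sendfile", "on"] for d in ds):
        findings.append("sendfile-not-enabled")
    protocols = {p for d in ds if d[0] == "ssl_protocols" for p in d[1:]}
    # Per the reply: Linux 4.18 implements no kTLS for TLSv1.3 ciphers.
    # Assumption of this example: the same holds for anything older than 4.18.
    if "TLSv1.3" in protocols and kernel_version(kernel_release) <= (4, 18):
        findings.append("kernel-lacks-tls13-ktls")
    # Same test as the poster's grep: a debug log with no SSL_sendfile lines.
    if debug_log is not None and "SSL_sendfile" not in debug_log:
        findings.append("no-ssl-sendfile-in-debug-log")
    return findings

if __name__ == "__main__":
    for finding in ktls_findings(SAMPLE_CONF, "4.18.0-348.7.1.el8_5.x86_64", debug_log=""):
        print(finding)
```

Feed it the output of `nginx -T`, the output of `uname -r`, and optionally the contents of the debug error log.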