On 13/09/2025 10:46, Alexander Leidinger wrote:
> For nginx it is "ssl_conf_command Options KTLS;", nothing in openssl.cnf
> needed then. No special build options for src, only
> kern.ipc.tls.enable=1 in sysctl.conf.
Ah, excellent, just tried and this works with nginx as expected.
I do need the line in nginx.conf, the changes I made to
the global openssl.cnf dont enable it "by default" which is what
I was hoping would happen. But the stats (the ones Marke pointed
me to below) do go up now.
On 13/09/2025 13:32, Marek Zarychta wrote:
> Please don’t expect Apache 2.4 to benefit from KTLS[1]. Nginx is proven
> to work since a few years. If you want to check whether KTLS is active
> (for Nginx or another application), watch the
> kern.ipc.tls.stats.ocf statistics.
>
> 1. https://reviews.freebsd.org/D28932
>
Ahhhh.... OK, thats very useful. Both bits actually, as I was
looking at the wrong set of stats to see if it was working.
Annoying that Apache doesnt work, but I appreciate the
various suggetsions from ppl, thanks :-) I shall stop
wasting time trying to make something work, which can't.
cheers,
-pete.
