On Sat, Sep 13, 2025 at 01:49:38PM +0100, Pete French wrote: > > On 13/09/2025 10:46, Alexander Leidinger wrote: > > For nginx it is "ssl_conf_command Options KTLS;", nothing in openssl.cnf > > needed then. No special build options for src, only > > kern.ipc.tls.enable=1 in sysctl.conf. > > Ah, excellent, just tried and this works with nginx as expected. > I do need the line in nginx.conf, the changes I made to > the global openssl.cnf dont enable it "by default" which is what > I was hoping would happen. But the stats (the ones Marke pointed > me to below) do go up now. > > On 13/09/2025 13:32, Marek Zarychta wrote: > > Please don’t expect Apache 2.4 to benefit from KTLS[1]. Nginx is proven > > to work since a few years. If you want to check whether KTLS is active > > (for Nginx or another application), watch the > > kern.ipc.tls.stats.ocf statistics. > > > > 1. https://reviews.freebsd.org/D28932 > > > > Ahhhh.... OK, thats very useful. Both bits actually, as I was > looking at the wrong set of stats to see if it was working. > Annoying that Apache doesnt work, but I appreciate the > various suggetsions from ppl, thanks :-) I shall stop > wasting time trying to make something work, which can't.
See ports net/ktcplist. Most likely you need 15+ to have the kernel bits.
