On 8/26/19 5:01 PM, John Baldwin wrote:
> Author: jhb
> Date: Tue Aug 27 00:01:56 2019
> New Revision: 351522
> URL: https://svnweb.freebsd.org/changeset/base/351522
>
> Log:
> Add kernel-side support for in-kernel TLS.

The length of the commit message notwithstanding, there is still quite a bit more work to do on this front. Making use of KTLS requires an SSL library that understands the new functionality, and for the full performance gain you want an application that makes use of SSL_sendfile. Netflix has both of these in the form of patches to OpenSSL and nginx. I'm currently working on a patchset suitable for merging into upstream OpenSSL's master (the Linux KTLS patches are merged into OpenSSL master already, so the FreeBSD patches are fairly small).

One thing to note is that while the KTLS OCF backend in this commit is functional, it is not ideal. One of the SW crypto backends Netflix uses internally is based on Intel's ISA-L crypto library. I put together a port for this based on the public ISA-L crypto library repository on GitHub today and hope to have it up for review soon.

--
John Baldwin