On Mon, Aug 26, 2019 at 05:14:42PM -0700, John Baldwin wrote: > On 8/26/19 5:01 PM, John Baldwin wrote: > > Author: jhb > > Date: Tue Aug 27 00:01:56 2019 > > New Revision: 351522 > > URL: https://svnweb.freebsd.org/changeset/base/351522 > > > > Log: > > Add kernel-side support for in-kernel TLS. > > The length of the commit message notwithstanding, there is still quite a bit > more work to do on this front. Making use of KTLS requires an SSL library > that understands the new functionality, and for the full performance gain > you want an application that makes use of SSL_sendfile. Netflix has both > of these in the form of patches to OpenSSL and nginx. I'm currently working > on a patchset suitable for merging into upstream OpenSSL's master (the > Linux KTLS patches are merged into OpenSSL master already, so the FreeBSD > patches are fairly small).
Hey John, Thanks a lot for working to get this in! I'm curious if there's any desire to help LibreSSL adopt same/similar patches as OpenSSL. Doing so would help LibreSSL on FreeBSD maintain feature parity with OpenSSL. I respect your opinion and would love to hear your thoughts. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: latt...@is.a.hacker.sx GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
signature.asc
Description: PGP signature