Date: Tue, 7 Jan 2020 23:02:23 +0000 From: Rick Macklem <rmacklem@uoguelph.ca> To: "freebsd-current@FreeBSD.org" <freebsd-current@FreeBSD.org> Subject: how to use the ktls Message-ID: <YQBPR0101MB142760894682CA3663CB53BDDD3F0@YQBPR0101MB1427.CANPRD01.PROD.OUTLOOK.COM>
next in thread | raw e-mail | index | archive | help
Hi,=0A= =0A= Now that I've completed NFSv4.2 I'm on to the next project, which is making= NFS=0A= work over TLS.=0A= Of course, I know absolutely nothing about TLS, which will make this an int= eresting=0A= exercise for me.=0A= I did find simple server code in the OpenSSL doc. which at least gives me a= starting=0A= point for the initialization stuff.=0A= As I understand it, this initialization must be done in userspace?=0A= =0A= Then somehow, the ktls takes over and does the encryption of the=0A= data being sent on the socket via sosend_generic(). Does that sound right?= =0A= =0A= So, how does the kernel know the stuff that the initialization phase (hands= hake)=0A= figures out, or is it magic I don't have to worry about?=0A= =0A= Don't waste much time replying to this. A few quick hints will keep me goin= g for=0A= now. (From what I've seen sofar, this TLS stuff isn't simple. And I thought= Kerberos=0A= was a pain.;-)=0A= =0A= Thanks in advance for any hints, rick=0A=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YQBPR0101MB142760894682CA3663CB53BDDD3F0>