Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Aug 2019 09:03:39 -0700
From:      John Baldwin <jhb@FreeBSD.org>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r351522 - in head: sbin/ifconfig share/man/man4 sys/conf sys/kern sys/modules sys/modules/ktls_ocf sys/net sys/netinet sys/netinet/tcp_stacks sys/netinet6 sys/opencrypto sys/sys tools/t...
Message-ID:  <79fdf63c-b919-398b-a282-171146994b14@FreeBSD.org>
In-Reply-To: <20190827130427.r27c6jswyxipkln5@mutt-hbsd>
References:  <201908270001.x7R01vUB052426@repo.freebsd.org> <e744fd19-0f4e-ca5f-9b87-d48e1791a7f2@FreeBSD.org> <20190827130427.r27c6jswyxipkln5@mutt-hbsd>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 8/27/19 6:04 AM, Shawn Webb wrote:
> On Mon, Aug 26, 2019 at 05:14:42PM -0700, John Baldwin wrote:
>> On 8/26/19 5:01 PM, John Baldwin wrote:
>>> Author: jhb
>>> Date: Tue Aug 27 00:01:56 2019
>>> New Revision: 351522
>>> URL: https://svnweb.freebsd.org/changeset/base/351522
>>>
>>> Log:
>>>   Add kernel-side support for in-kernel TLS.
>>
>> The length of the commit message notwithstanding, there is still quite a bit
>> more work to do on this front.  Making use of KTLS requires an SSL library
>> that understands the new functionality, and for the full performance gain
>> you want an application that makes use of SSL_sendfile.  Netflix has both
>> of these in the form of patches to OpenSSL and nginx.  I'm currently working
>> on a patchset suitable for merging into upstream OpenSSL's master (the
>> Linux KTLS patches are merged into OpenSSL master already, so the FreeBSD
>> patches are fairly small).
> 
> Hey John,
> 
> Thanks a lot for working to get this in! I'm curious if there's any
> desire to help LibreSSL adopt same/similar patches as OpenSSL. Doing
> so would help LibreSSL on FreeBSD maintain feature parity with
> OpenSSL.

I do not have any plans to implement the needed changes in other SSL
implementations.  Others are free to work on it however.

-- 
John Baldwin

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79fdf63c-b919-398b-a282-171146994b14>