Date: Sat, 23 Jan 2021 13:42:05 +0100
From: "Ronald Klop" <ronald-lists@klop.ws>
To: freebsd-current@freebsd.org
Subject: Re: Can In-Kernel TLS (kTLS) work with any OpenSSL Application?
Message-ID: <op.0xoawf2bkndu52@joepie>
In-Reply-To: <bd56c9d3711738d65a074d73c04addd2@freebsd.org>
References: <bd56c9d3711738d65a074d73c04addd2@freebsd.org>

On Wed, 20 Jan 2021 21:21:15 +0100, Neel Chauhan <nc@freebsd.org> wrote:

> Hi freebsd-current@,
>
> I know that In-Kernel TLS was merged into the FreeBSD HEAD tree a while
> back.
>
> With 13.0-RELEASE around the corner, I'm thinking about upgrading my
> home server, well if I can accelerate any SSL application.
>
> I'm asking because I have a home server on a symmetrical Gigabit
> connection (Google Fiber/Webpass), and that server runs a Tor relay. If
> you're interested in how Tor works, the EFF has a writeup:
> https://www.eff.org/pages/what-tor-relay
>
> But the main point for you all is: more-or-less Tor relays deal with
> 1000s TLS connections going into and out of the server.
>
> Would In-Kernel TLS help with an application like Tor (or even load
> balancers/TLS termination), or is it more for things like web servers
> sending static files via sendfile() (e.g. CDN used by Netflix).
>
> My server could also work with Intel's QuickAssist (since it has an
> Intel Xeon "Scalable" CPU). Would QuickAssist SSL be more helpful here?
>
> I'm asking since I don't know whether to upgrade my home server to 13.x
> or leave it at 12.x. Yes, I do know we need a special OpenSSL to use
> kTLS.
>
> -Neel

According to the history of the openssl port it has support for KTLS.
https://www.freshports.org/security/openssl
I don't know about the openssl in base.

But I think for Tor to support KTLS it needs to implement some things itself. More information about that could be asked at the maintainer of the port (https://www.freshports.org/security/tor/) or upstream at the Tor project.

Regards,
Ronald.