Date:      Sat, 23 Jan 2021 13:42:05 +0100
From:      "Ronald Klop" <ronald-lists@klop.ws>
To:        freebsd-current@freebsd.org
Subject:   Re: Can In-Kernel TLS (kTLS) work with any OpenSSL Application?
Message-ID:  <op.0xoawf2bkndu52@joepie>
In-Reply-To: <bd56c9d3711738d65a074d73c04addd2@freebsd.org>
References:  <bd56c9d3711738d65a074d73c04addd2@freebsd.org>

On Wed, 20 Jan 2021 21:21:15 +0100, Neel Chauhan <nc@freebsd.org> wrote:

> Hi freebsd-current@,
>
> I know that In-Kernel TLS was merged into the FreeBSD HEAD tree a while
> back.
>
> With 13.0-RELEASE around the corner, I'm thinking about upgrading my
> home server, well if I can accelerate any SSL application.
>
> I'm asking because I have a home server on a symmetrical Gigabit
> connection (Google Fiber/Webpass), and that server runs a Tor relay. If
> you're interested in how Tor works, the EFF has a writeup:
> https://www.eff.org/pages/what-tor-relay
>
> But the main point for you all is: more-or-less Tor relays deal with
> 1000s of TLS connections going into and out of the server.
>
> Would In-Kernel TLS help with an application like Tor (or even load
> balancers/TLS termination), or is it more for things like web servers
> sending static files via sendfile() (e.g. CDN used by Netflix)?
>
> My server could also work with Intel's QuickAssist (since it has an
> Intel Xeon "Scalable" CPU). Would QuickAssist SSL be more helpful here?
>
> I'm asking since I don't know whether to upgrade my home server to 13.x
> or leave it at 12.x. Yes, I do know we need a special OpenSSL to use
> kTLS.
>
> -Neel


According to the history of the openssl port it has support for KTLS.
https://www.freshports.org/security/openssl
I don't know about the openssl in base.

But I think for Tor to support KTLS it needs to implement some things
itself. More information about that could be asked of the maintainer of
the port (https://www.freshports.org/security/tor/) or upstream at the Tor
project.

Regards,
Ronald.


