From owner-svn-src-head@freebsd.org Tue Aug 27 13:04:31 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3FCB0D584D for ; Tue, 27 Aug 2019 13:04:31 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qk1-x742.google.com (mail-qk1-x742.google.com [IPv6:2607:f8b0:4864:20::742]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46HpxB2m5Lz3MgL for ; Tue, 27 Aug 2019 13:04:30 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qk1-x742.google.com with SMTP id 201so16858060qkm.9 for ; Tue, 27 Aug 2019 06:04:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=rhSXkYcEGIOYhxZZwncpguLsSegUw0Sf+2LU8IJPBdM=; b=O/P8X7rcGrtLk2N7aybp9RWmOcNdpuscGTxIPZ91oBIiZ0f8KcL3GSw4JdKpSZqubL Jg/oNVuLonvVpvL0aJtWAgyB1ZbP0XO7V3jxYeVpQx514XxB1V9CnDNc4QslkMMl75Gn yroFNg0YAKbtKDZmxxBZz/WR4uKJ8gg8DSpC1YwbaYneJlWSDTW57TKWh6ToHjLCnB3P MouCTA362pMRf1tilFHzBrIwhsSVkDj0b9o+bGe/xcV/rt7lcOh4/FXRE2Pn6Wu889VZ DHwVI6CpDIYZe//J4LwlJz0nGbmyIbAsrLEOO8kVPgmga1mX2Y33CbMFgoOMDICiwhw2 NhsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=rhSXkYcEGIOYhxZZwncpguLsSegUw0Sf+2LU8IJPBdM=; b=Z27eigyRiigFX7kdp2j6dBWERKkUtbci503+Fdi3tC/7CP6S4wcGLQOcR+RlfhTkKH 2xUo4HlkHWGJXo1Jktp8TlrW+1T7oBB93ShGwkOPrt7R32Mc2ABUEBzRWmLGn5w5TSq4 Q3ECGso44152K8ZWEUBrPob+AURNJ8wvqBdtor7jPbe7nm9iUKLsJ4iCBGRR0vhyxNgk IpGzLAJH7h9LqLjQPwou0/Gh804loiOP+uvqEZOQcGbzTLqHJgzKHzPI45uCMgXvFCS3 6OHErK04iYlV9Fz2ruxrQ2HdSPsY00DcKxoBtpa10i+gdAaZZzuc0cFXawBUBfjoO8GL 2VaA== X-Gm-Message-State: APjAAAWqjKfVTDWH8ChHKI5UHoQ9K9HZEoW1I2gjaK0IEGjw95OmhJ8Z X5goSTQzgHWuW9++t6zidAhttcKPjBM= X-Google-Smtp-Source: APXvYqyMZqnweXAsRDZ+5i/3AUX44jGaWLE9aFx2IZEzVvi2ep8C4rBmMUYVGuef42owAx50IonLDA== X-Received: by 2002:a37:4986:: with SMTP id w128mr21040709qka.417.1566911069133; Tue, 27 Aug 2019 06:04:29 -0700 (PDT) Received: from mutt-hbsd ([63.88.83.108]) by smtp.gmail.com with ESMTPSA id o17sm1318676qkk.36.2019.08.27.06.04.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 27 Aug 2019 06:04:28 -0700 (PDT) Date: Tue, 27 Aug 2019 09:04:27 -0400 From: Shawn Webb To: John Baldwin Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r351522 - in head: sbin/ifconfig share/man/man4 sys/conf sys/kern sys/modules sys/modules/ktls_ocf sys/net sys/netinet sys/netinet/tcp_stacks sys/netinet6 sys/opencrypto sys/sys tools/t... Message-ID: <20190827130427.r27c6jswyxipkln5@mutt-hbsd> References: <201908270001.x7R01vUB052426@repo.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="xrquq2h6prvg2w7t" Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD mutt-hbsd 13.0-CURRENT-HBSD FreeBSD 13.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0xFF2E67A277F8E1FA User-Agent: NeoMutt/20180716 X-Rspamd-Queue-Id: 46HpxB2m5Lz3MgL X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=hardenedbsd.org header.s=google header.b=O/P8X7rc; dmarc=none; spf=pass (mx1.freebsd.org: domain of shawn.webb@hardenedbsd.org designates 2607:f8b0:4864:20::742 as permitted sender) smtp.mailfrom=shawn.webb@hardenedbsd.org X-Spamd-Result: default: False [-5.47 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[hardenedbsd.org:s=google]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.20)[multipart/signed,text/plain]; PREVIOUSLY_DELIVERED(0.00)[svn-src-head@freebsd.org]; DMARC_NA(0.00)[hardenedbsd.org]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[hardenedbsd.org:+]; NEURAL_HAM_SHORT(-0.96)[-0.963,0]; RCVD_IN_DNSWL_NONE(0.00)[2.4.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[]; MID_RHS_NOT_FQDN(0.50)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_TLS_ALL(0.00)[]; IP_SCORE(-0.40)[ip: (3.23), ipnet: 2607:f8b0::/32(-2.86), asn: 15169(-2.33), country: US(-0.05)] X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Aug 2019 13:04:31 -0000 --xrquq2h6prvg2w7t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Aug 26, 2019 at 05:14:42PM -0700, John Baldwin wrote: > On 8/26/19 5:01 PM, John Baldwin wrote: > > Author: jhb > > Date: Tue Aug 27 00:01:56 2019 > > New Revision: 351522 > > URL: https://svnweb.freebsd.org/changeset/base/351522 > >=20 > > Log: > > Add kernel-side support for in-kernel TLS. >=20 > The length of the commit message notwithstanding, there is still quite a = bit > more work to do on this front. Making use of KTLS requires an SSL library > that understands the new functionality, and for the full performance gain > you want an application that makes use of SSL_sendfile. Netflix has both > of these in the form of patches to OpenSSL and nginx. I'm currently work= ing > on a patchset suitable for merging into upstream OpenSSL's master (the > Linux KTLS patches are merged into OpenSSL master already, so the FreeBSD > patches are fairly small). Hey John, Thanks a lot for working to get this in! I'm curious if there's any desire to help LibreSSL adopt same/similar patches as OpenSSL. Doing so would help LibreSSL on FreeBSD maintain feature parity with OpenSSL. I respect your opinion and would love to hear your thoughts. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 443-546-8752 Tor+XMPP+OTR: lattera@is.a.hacker.sx GPG Key ID: 0xFF2E67A277F8E1FA GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2 --xrquq2h6prvg2w7t Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAl1lKlYACgkQ/y5nonf4 4frT9g//VGyS24NrOsVpiCLanwZ2bHFqfLYRVb3Dq/+OnvoFM3CCYipVhw/HDfrh C7gWrAFJ+tWJA+Ctb0WowIuzGkXbDVvJ1m3OtO6Lt1Ad1Y0nWxa367D6Cpj/4EeV YjBFFch80iABSJ44Ld14vai4HL5/dxd5b2AFIO5d6wZQVy8IlJ3aCogAGhum3YpI ZUXYmsVmVHFIqjtXS2Nung+FFDNo4G7g0iD5Wm01yxqC3QJ38ieQhhZ/I1r1btNH t+8MxgxEs7N6I9TSqvrGIGuLy+HAe3Q6t050JBZqaCcYAWEAZLj+YRgAf4/UJqRg yOtwiNTLqvkW7xTXMt3HseFQevXGXSn2wrca6rLhIo1FxeHQDL23NQr6n3RtPVOG VChDc3Dfa5f8Tv2HZzRoECURnlzfLdHWx/+CTEfru0ieiRhokUJPtSNY02jhJCmc VgMTpRsbfQ2RYsnEVi54NjyCiTliX5g6QS2BQk+cSlV/ozaMbSRqzbS/9ikDu6TH RBGpwObkifKZxtupkO742oeUYGBb2JKY63SFzPRcYwmfffbS99sC5BwT4sQff1uh mVdBjS8fwQyIYU8RJ7ddOstxOOceHBGgFMq8EC8yTcY/wfzoOWMbFV0w38uz9r7M x8FayT2v3eNc1aqbGq0bA8DYJsNO47MyrFB7Qp8CDCJWMtxBm0M= =U8yI -----END PGP SIGNATURE----- --xrquq2h6prvg2w7t--