Date: Sun, 10 Jan 2021 14:40:44 +0000 From: Rick Macklem <rmacklem@uoguelph.ca> To: "freebsd-arch@FreeBSD.org" <freebsd-arch@FreeBSD.org>, John Baldwin <jhb@FreeBSD.org>, Allan Jude <allanjude@freebsd.org> Subject: Re: Should we enable KERN_TLS on amd64 for FreeBSD 13? Message-ID: <YQXPR0101MB09680F5A39EFA1EC0550219DDDAC0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> In-Reply-To: <YQXPR0101MB096875C926EDE993086C0DBFDDAC0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM> References: <8eff83e5-49bc-d410-626e-603c03877b80@cs.duke.edu> <20210108214446.GJ31099@funkthat.com> <4fe4a57c-8c43-a677-4872-d0671104c414@FreeBSD.org> <YQXPR0101MB096889C6383CD9579F019EF3DDAD0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>, <121d9135-e2a1-11ac-2538-f9fbb7505d89@quip.cz>, <YQXPR0101MB096875C926EDE993086C0DBFDDAC0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
Miroslav Lachman wrote:=0A= >Rick Macklem wrote:=0A= [stuff snipped]=0A= >>=0A= >> I don't know what the relationship between ports and packages is,=0A= >> but if there is soon a package for openssl-devel (with KTLS enabled=0A= >> like it is in ports), then no build from sources would be needed for=0A= >> openssl.=0A= >=0A= >If package is built with dependency on base OpenSSL then it will not use= =0A= >libraries installed by openssl-devel.=0A= >If packgage is built with dependency on ports OpenSSL (security/openssl)= =0A= >then it pulls openssl package and openssl-devel will be deinstalled as=0A= >it conflicts with other SSL implementations. They cannot coexist.=0A= Sorry, what I meant by relationship is if/when a port becomes a package.=0A= =0A= I am not at home, so I can't try:=0A= # pkg install openssl-devel=0A= to see if it works.=0A= =0A= My point was "if it works or will work soon, then having KERN_TLS in=0A= GENERIC would be nice, since then nothing needs to be built from source.=0A= =0A= rick=0A= =0A= =0A= > --> It is unfortunate that Openssl3 (openssl-devel) is still in alpha tes= t.=0A= >=0A= > If there is a package for an openssl with KTLS support, then having KERN_= TLS=0A= > in GENERIC might be nice, since no source builds would be needed.=0A= > (I have no preference w.r.t "enabled by default", since the=0A= > sysctl can easily be set via sysctl.conf.)=0A= >=0A= > Although nfs-over-tls is not yet implemented for non-FreeBSD=0A= > systems, I would like to see it become easy to enable during the=0A= > FreeBSD release cycle and having KERN_TLS in GENERIC would=0A= > be a step in that direction.=0A= >=0A= > Oh, and I'm not saying it is worth changing, but having Openssl=0A= > use KTLS and the kernel use KERN_TLS slightly obscures the fact=0A= > that they refer to related code.=0A= =0A= _______________________________________________=0A= freebsd-arch@freebsd.org mailing list=0A= https://lists.freebsd.org/mailman/listinfo/freebsd-arch=0A= To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org"=0A= =0A=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YQXPR0101MB09680F5A39EFA1EC0550219DDDAC0>