Date:      Tue, 7 Jan 2020 23:02:23 +0000
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        "freebsd-current@FreeBSD.org" <freebsd-current@FreeBSD.org>
Subject:   how to use the ktls
Message-ID:  <YQBPR0101MB142760894682CA3663CB53BDDD3F0@YQBPR0101MB1427.CANPRD01.PROD.OUTLOOK.COM>

Hi,

Now that I've completed NFSv4.2 I'm on to the next project, which is making NFS
work over TLS.
Of course, I know absolutely nothing about TLS, which will make this an interesting
exercise for me.
I did find simple server code in the OpenSSL doc. which at least gives me a starting
point for the initialization stuff.
As I understand it, this initialization must be done in userspace?

Then somehow, the ktls takes over and does the encryption of the
data being sent on the socket via sosend_generic(). Does that sound right?

So, how does the kernel know the stuff that the initialization phase (handshake)
figures out, or is it magic I don't have to worry about?

Don't waste much time replying to this. A few quick hints will keep me going for
now. (From what I've seen so far, this TLS stuff isn't simple. And I thought Kerberos
was a pain.;-)

Thanks in advance for any hints, rick


