From: Rick Macklem
To: Alan Somers, FreeBSD CURRENT
Subject: Re: Getting started with ktls
Date: Sun, 14 Mar 2021 20:55:18 +0000

[stuff snipped]
> J. wrote:
>>
>> I'd like to have it (ktls) available on the ARM64
>> stable/13-n244876-0b45290603b. Is it just a matter of adding the option,
>> and then the sysctls become available? Is it "better" with openssl[-devel]
>> in ports or openssl in base?
>>
>> thanks,
>> --
>> J.
Alan explains how to set it up, below.
However, I thought I'd note that maybe one person has tested KTLS
on arm64, so you should consider doing this for test purposes only.
If you do do some testing, please post with your results,
success or failure.

>It's present in current kernels for both 13 and 14, amd64 and aarch64.
>However, it's not present in 13's openssl. To use it, you must either
>rebuild world with WITH_OPENSSL_KTLS=YES in /etc/src.conf,
Doing it this way means that everything linked to OpenSSL will use
it. Probably a better test situation, but expect at least the apache
server to break. (Most breakage was fixed by a recent patch to the
serf library, but I think the apache server is still broken.)

>(or) install
>security/openssl-devel from pkg, or build security/openssl from ports with
>the KTLS option enabled. I don't know if any version of openssl is
>"better" than another. The sysctls should be available in any case.
Only applications built using includes from /usr/local/include and
linked to libraries in /usr/local/lib will use it for these cases.

If you want to try NFS-over-TLS, see this:
https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt

Please let us know if you try it, rick

-Alan