Date: Sat, 24 Jun 2023 18:52:15 +1000 From: Peter Jeremy <peterj@freebsd.org> To: freebsd-fs@freebsd.org Subject: Verifying NFS over TLS Message-ID: <ZJauv3mVdQ3TVl90@server.rulingia.com>
index | next in thread | raw e-mail
[-- Attachment #1 --] I've recently been configuring NFS over TLS[*] and one issue that came up was how to verify that it's actually using using TLS. * "mount -v" doesn't provide any indication of mount options. * Various kern.ipc.tls sysctls can confirm that *something* is using ktls but not that a specific NFS mount is using TLS. * tcpdump's inability to decode traffic on port 2049 is a fairly good indication but isn't as direct as I'd like. What is the recommended way to distinguish TLS from non-TLS mounts? [*] Thanks very much rmacklem@ for your work. -- Peter Jeremy [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE7rKYbDBnHnTmXCJ+FqWXoOSiCzQFAmSWrq5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEVF QjI5ODZDMzA2NzFFNzRFNjVDMjI3RTE2QTU5N0EwRTRBMjBCMzQACgkQFqWXoOSi CzRVaxAAjy6hEz+AsAx2puk81G39oYlzCESTvf8Bl4GshK0RrHMyzzTA0iBaXK6B CTnfZhORKHAWazWhMxP+Ac4Mk+RTN/zPay1xca9C9h/DNeF87PzZmmEOr4NGSJqb FgKM7tQ5CXdwkHH05X9ufw588iw37LTbYjVFQ7FTDLuqZFtW+QcbYeEIC/d9lAT+ EqC/JHNWSDgFmB8IOlEofi0HWy57Gsq2jWVRfGTN0PckhaSCTMCMcl53tn52Chsv vGCJzf2JERoPdiP3caCR1ihdWCb0FE1mrTe5irBrjh5LTc8E5/8aH99UvCuwAOQz OVUsNcnOfnXskeu1OTJvesA+0gBKsG5z9YjHvMbYQ3pZGOa6/t6v87pcIoKN+5OF kEkJ44l46agol/VzP1+yZN32z7ljIYNpZ7ibW45nk6lldNOj1tzu9MSDz3cErVm2 GH0XQtKKAWH/AU2d2zFT8KHoXG4gsrM809VOtfY8eaG2Fh0aQsTYf1WD5WtB90k3 X5IxLqQRNRyAb51F6rJk5KWC/q4hFUVF2Xw7FxwrHIyqbg5yFlRbPv/HT/Jld0aU DMxqPRIA3U25SQlkb9mm80NvyvJeHxPDspyPDEhp0IlDiXEEs0PyBXxDPAtGUFhA d6/jg/SZ11gHRhDpjHBUnvPGtZ7myPgz0RVTfHmabaMzbY/nlIg= =pAZ0 -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZJauv3mVdQ3TVl90>