From: David Miller <davem@davemloft.net>
To: davejwatson@fb.com
Cc: ilyal@mellanox.com, aviadye@mellanox.com, borisp@mellanox.com,
liranl@mellanox.com, matanb@mellanox.com, netdev@vger.kernel.org,
tom@herbertland.com, herbert@gondor.apana.org.au,
linux-crypto@vger.kernel.org, hannes@stressinduktion.org,
alexei.starovoitov@gmail.com, nmav@gnults.org,
fridolin.pokorny@gmail.com
Subject: Re: [PATCH net-next 0/4] kernel TLS
Date: Thu, 25 May 2017 13:29:32 -0400 (EDT)
Message-ID: <20170525.132932.2252528433754027808.davem@davemloft.net>
In-Reply-To: <20170524162633.GA24030@davejwatson-mba.local>
From: Dave Watson <davejwatson@fb.com>
Date: Wed, 24 May 2017 09:26:33 -0700
> This series adds support for kernel TLS encryption over TCP sockets.
> A standard TCP socket is converted to a TLS socket using a setsockopt.
> Only symmetric crypto is done in the kernel, as well as TLS record
> framing. The handshake remains in userspace, and the negotiated
> cipher keys/iv are provided to the TCP socket.
>
> We implemented support for this API in OpenSSL 1.1.0, the code is
> available at https://github.com/Mellanox/tls-openssl/tree/master
>
> It should work with any TLS library with similar modifications,
> a test tool using gnutls is here: https://github.com/Mellanox/tls-af_ktls_tool
>
> Changes from RFC V2:
>
> * Generic ULP (upper layer protocol) framework instead of TLS specific
> setsockopts
> * Dropped Mellanox hardware patches, will come as separate series.
> Framework will work for both.
The value in this is seeing how it can work transparently behind
an existing userspace library providing TLS services.
So the reference to the gnutls and openssl implementations probably
belongs in the Documentation patch #4 too.
Thanks.