On Wed, 20 Jan 2021 21:21:15 +0100, Neel Chauhan <n...@freebsd.org> wrote:

Hi freebsd-current@,

I know that In-Kernel TLS was merged into the FreeBSD HEAD tree a while
back.

With 13.0-RELEASE around the corner, I'm thinking about upgrading my
home server, well if I can accelerate any SSL application.

I'm asking because I have a home server on a symmetrical Gigabit
connection (Google Fiber/Webpass), and that server runs a Tor relay. If
you're interested in how Tor works, the EFF has a writeup:
https://www.eff.org/pages/what-tor-relay

But the main point for you all is: more-or-less Tor relays deal with
1000s of TLS connections going into and out of the server.

Would In-Kernel TLS help with an application like Tor (or even load
balancers/TLS termination), or is it more for things like web servers
sending static files via sendfile() (e.g. CDN used by Netflix)?

My server could also work with Intel's QuickAssist (since it has an
Intel Xeon "Scalable" CPU). Would QuickAssist SSL be more helpful here?

I'm asking since I don't know whether to upgrade my home server to 13.x
or leave it at 12.x. Yes, I do know we need a special OpenSSL to use
kTLS.

-Neel

According to the history of the openssl port, it has support for KTLS.
https://www.freshports.org/security/openssl
I don't know about the openssl in base.

But I think for Tor to support KTLS it needs to implement some things
itself. More information about that could be asked of the maintainer of
the port (https://www.freshports.org/security/tor/) or upstream at the Tor
project.

Regards,
Ronald.