On Sat, Jan 23, 2021 at 03:25:59PM +0000, Rick Macklem wrote: > Ronald Klop wrote: > >On Wed, 20 Jan 2021 21:21:15 +0100, Neel Chauhan <n...@freebsd.org> wrote: > >But I think for Tor to support KTLS it needs to implement some things > >itself. More information about that could be asked at the maintainer of > >the port (https://www.freshports.org/security/tor/) or upstream at the Tor > >project. > To just make it work, I don't think changes are needed beyond linking to > the correct OpenSSL libraries (assuming it uses OpenSSL, of course). > (There are new library calls an application can use to check to see if > KTLS is enabled for the connection, but if it doesn't care, I don't think > those calls are needed?) > > You do need to run a kernel with "options KERN_TLS" and set > kern.ipc.tls.enable=1 > kern.ipc.mb_use_ext_pgs=1
Note that upstream openssl is expecting to change in what ways ktls is (en/dis)abled by default; see https://github.com/openssl/openssl/issues/13794 -Ben _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
