Page MenuHomeFreeBSD

ktls: Try to enable TOE TLS after marking existing data not ready.
ClosedPublic

Authored by jhb on Jan 28 2022, 6:10 PM.
Tags
None
Referenced Files
F105888172: D34082.diff
Sun, Dec 22, 4:46 AM
Unknown Object (File)
Mon, Dec 16, 6:49 AM
Unknown Object (File)
Oct 19 2024, 11:07 AM
Unknown Object (File)
Sep 19 2024, 5:08 AM
Unknown Object (File)
Sep 18 2024, 6:40 AM
Unknown Object (File)
Sep 17 2024, 9:59 PM
Unknown Object (File)
Sep 17 2024, 12:43 PM
Unknown Object (File)
Sep 9 2024, 1:07 AM
Subscribers

Details

Summary

At the moment this is mostly a no-op but in the future there will be
in-flight encrypted data which requires software decryption. This
same setup is also needed for NIC TLS RX.

Note that this does break TOE TLS RX for AES-CBC ciphers since there
is no software fallback for AES-CBC receive. This will be resolved
one way or another before 14.0 is released.

Sponsored by: Chelsio Communications

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb requested review of this revision.Jan 28 2022, 6:10 PM

@hselasky I've tested this and aside from the issue with AES-CBC it does work ok for TOE TLS. It's the more complete version of the patch you had asked me about earlier.

This revision is now accepted and ready to land.Jan 29 2022, 9:46 AM