Index: projects/nfs-over-tls/rc.d/ktls
===================================================================
--- projects/nfs-over-tls/rc.d/ktls	(nonexistent)
+++ projects/nfs-over-tls/rc.d/ktls	(revision 367191)
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ktls
+# REQUIRE: NETWORKING
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ktls"
+desc="Enable Kernel TLS"
+rcvar="ktls_enable"
+start_cmd="${name}_start"
+stop_cmd=":"
+
+ktls_start()
+{
+
+	sysctl -q kern.ipc.tls.enable=1 > /dev/null
+	err=$?
+	if [ "${err}" -ne 0 ]; then
+		warn "kernel must be built with options KERN_TLS for ktls"
+		return "${err}"
+	fi
+	sysctl kern.ipc.mb_use_ext_pgs=1 > /dev/null
+
+	#
+	# Load ktls_ocf and optionally aesni
+	#
+	load_kld ktls_ocf
+	if checkyesno ktls_aesni_enable; then
+		load_kld aesni
+	fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
Index: projects/nfs-over-tls/rc.d/tlsclntd
===================================================================
--- projects/nfs-over-tls/rc.d/tlsclntd	(revision 367190)
+++ projects/nfs-over-tls/rc.d/tlsclntd	(revision 367191)
@@ -1,20 +1,20 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: tlsclntd
-# REQUIRE: NETWORKING
+# REQUIRE: NETWORKING root mountcritlocal ktls
 # KEYWORD: nojail shutdown
 
 . /etc/rc.subr
 
 name="tlsclntd"
 desc="NFS over TLS client side daemon"
 rcvar="tlsclntd_enable"
 command="/usr/sbin/rpc.${name}"
 pidfile="/var/run/rpc.${name}.pid"
 
 load_rc_config $name
 
 run_rc_command "$1"
Index: projects/nfs-over-tls/rc.d/tlsservd
===================================================================
--- projects/nfs-over-tls/rc.d/tlsservd	(revision 367190)
+++ projects/nfs-over-tls/rc.d/tlsservd	(revision 367191)
@@ -1,24 +1,24 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 
 # PROVIDE: tlsservd
-# REQUIRE: NETWORKING
+# REQUIRE: NETWORKING root mountcritlocal ktls
 # KEYWORD: nojail shutdown
 
 . /etc/rc.subr
 
 name="tlsservd"
 desc="NFS over TLS server side daemon"
 rcvar="tlsservd_enable"
 command="/usr/sbin/rpc.${name}"
 
 pidfile="/var/run/rpc.${name}.pid"
 required_files="/etc/rpc.tlsservd/cert.pem /etc/rpc.tlsservd/key.pem"
 extra_commands="reload"
 
 
 load_rc_config $name
 
 run_rc_command "$1"