On Wed, 20 Jan 2021 21:21:15 +0100, Neel Chauhan <nc_at_freebsd.org> wrote:

> Hi freebsd-current_at_,
>
> I know that In-Kernel TLS was merged into the FreeBSD HEAD tree a while
> back.
>
> With 13.0-RELEASE around the corner, I'm thinking about upgrading my
> home server, well if I can accelerate any SSL application.
>
> I'm asking because I have a home server on a symmetrical Gigabit
> connection (Google Fiber/Webpass), and that server runs a Tor relay. If
> you're interested in how Tor works, the EFF has a writeup:
> https://www.eff.org/pages/what-tor-relay
>
> But the main point for you all is: more-or-less Tor relays deal with
> 1000s TLS connections going into and out of the server.
>
> Would In-Kernel TLS help with an application like Tor (or even load
> balancers/TLS termination), or is it more for things like web servers
> sending static files via sendfile() (e.g. CDN used by Netflix).
>
> My server could also work with Intel's QuickAssist (since it has an
> Intel Xeon "Scalable" CPU). Would QuickAssist SSL be more helpful here?
>
> I'm asking since I don't know whether to upgrade my home server to 13.x
> or leave it at 12.x. Yes, I do know we need a special OpenSSL to use
> kTLS.
>
> -Neel

According to the history of the openssl port it has support for KTLS.
https://www.freshports.org/security/openssl
I don't know about the openssl in base.

But I think for Tor to support KTLS it needs to implement some things itself.
More information about that could be asked at the maintainer of the port
(https://www.freshports.org/security/tor/) or upstream at the Tor project.

Regards,
Ronald.

Received on Sat Jan 23 2021 - 11:42:09 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:26 UTC