On Sat, Jan 23, 2021 at 03:25:59PM +0000, Rick Macklem wrote:
> Ronald Klop wrote:
> >On Wed, 20 Jan 2021 21:21:15 +0100, Neel Chauhan <nc_at_freebsd.org> wrote:
> >But I think for Tor to support KTLS it needs to implement some things
> >itself. More information about that could be asked at the maintainer of
> >the port (https://www.freshports.org/security/tor/) or upstream at the Tor
> >project.
> To just make it work, I don't think changes are needed beyond linking to
> the correct OpenSSL libraries (assuming it uses OpenSSL, of course).
> (There are new library calls an application can use to check to see if
> KTLS is enabled for the connection, but if it doesn't care, I don't think
> those calls are needed?)
>
> You do need to run a kernel with "options KERN_TLS" and set
> kern.ipc.tls.enable=1
> kern.ipc.mb_use_ext_pgs=1

Note that upstream openssl is expecting to change in what ways ktls is
(en/dis)abled by default; see
https://github.com/openssl/openssl/issues/13794

-Ben

Received on Mon Jan 25 2021 - 04:47:06 UTC