Re: Getting started with ktls

From: Alan Somers <asomers_at_freebsd.org>
Date: Sun, 14 Mar 2021 09:54:33 -0600

On Sun, Mar 14, 2021 at 8:57 AM tech-lists <tech-lists_at_zyxst.net> wrote:

> On Thu, Mar 11, 2021 at 03:42:55PM +0000, Rick Macklem wrote:
> >I'm going to cheat and top post (the discussion looks
> >pretty convoluted).
> >
> >- The kernel must be built with "options KERN_TLS"
> >- OpenSSL must be built with KTLS enabled
> >- These two sysctls need to be set to 1
> >   kern.ipc.tls.enable
> >   kern.ipc.mb_use_ext_pgs
>
> Hello,
>
> I'd like to try ktls but have found the following:
>
> On AMD64 (stable/13) this option is present in the GENERIC kernel
> of world built about a month ago: stable/13-n244496-618dee60231
> and openssl version is 1.1.1i-freebsd
>
> On ARM64 (stable/13) it's *not* present in a world built earlier
> today from stable/13-n244876-0b45290603b. Here, the openssl version
> is 1.1.1j-freebsd
>
> On another ARM64 (main/14) it *is* present in main-n245445-07564e17620
> built with sources from the 11th March. openssl is 1.1.1j-freebsd here
> as well.
>
> I'd like to have it (ktls) available on the ARM64
> stable/13-n244876-0b45290603b. Is it just a matter of adding the option,
> and then the sysctls become available? Is it "better" with openssl[-devel]
> in ports or openssl in base?
>
> thanks,
> --
> J.


It's present in current kernels for both 13 and 14, amd64 and aarch64.
However, it's not present in 13's openssl.  To use it, you must either
rebuild world with WITH_OPENSSL_KTLS=YES in /etc/src.conf, install
security/openssl-devel from pkg, or build security/openssl from ports with
the KTLS option enabled.  I don't know if any version of openssl is
"better" than another.  The sysctls should be available in any case.
-Alan
Received on Sun Mar 14 2021 - 14:54:47 UTC
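
The prerequisites listed in this thread, as an added preflight check that is not part of the original messages. The function names `ktls_sysctl_report` and `src_conf_has_ktls` are hypothetical, and the script assumes FreeBSD's `name: value` sysctl output format.

```sh
#!/bin/sh
# Added example (not from the thread): preflight check for the KTLS
# prerequisites it lists. Function names are hypothetical.

# The two sysctls the thread says must be set to 1.
KTLS_SYSCTLS="kern.ipc.tls.enable kern.ipc.mb_use_ext_pgs"

# Read FreeBSD sysctl output ("name: value" lines) on stdin and print
# "name=ok|off|missing" for each required sysctl. Exit status is 0 only
# when every one of them is 1.
ktls_sysctl_report() {
    awk -v want="$KTLS_SYSCTLS" '
        BEGIN { n = split(want, names, " ") }
        {
            i = index($0, ": ")            # split at the first ": "
            if (i > 0) seen[substr($0, 1, i - 1)] = substr($0, i + 2)
        }
        END {
            bad = 0
            for (k = 1; k <= n; k++) {
                name = names[k]
                if (!(name in seen))        { state = "missing"; bad = 1 }
                else if (seen[name] == "1") { state = "ok" }
                else                        { state = "off"; bad = 1 }
                print name "=" state
            }
            exit bad
        }'
}

# Succeed if FILE (e.g. /etc/src.conf) defines WITH_OPENSSL_KTLS on an
# uncommented line. src.conf WITH_* knobs count as set whenever they are
# defined, so the value itself is not inspected.
src_conf_has_ktls() {
    [ -r "$1" ] &&
        grep -Eq '^[[:space:]]*WITH_OPENSSL_KTLS[[:space:]]*[?:+]?=' "$1"
}

# Live checks run only on FreeBSD; elsewhere the functions are just defined.
if [ "$(uname -s)" = "FreeBSD" ]; then
    # Unknown OIDs go to stderr and show up as "missing" in the report.
    sysctl $KTLS_SYSCTLS 2>/dev/null | ktls_sysctl_report ||
        echo "KTLS sysctls not all enabled (see report above)"
    src_conf_has_ktls /etc/src.conf ||
        echo "WITH_OPENSSL_KTLS not set in /etc/src.conf (base OpenSSL)"
fi
```

The src.conf check only applies to the base-system OpenSSL; it says nothing about an OpenSSL installed from pkg or ports.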
