[stuff snipped] > J. wrote: >> >> I'd like to have it (ktls) available on the ARM64 >> stable/13-n244876-0b45290603b. Is it just a matter of adding the option, >> and then the sysctls become available? Is it "better" with openssl[-devel] >> in ports or openssl in base? >> >> thanks, >> -- >> J.\ Alan explains how to set it up, below. However, I thought I'd note that maybe one person has tested KTLS on arm64, so you should consider doing this for test purposes only. If you do do some testing, please post with your results, success or failure. >It's present in current kernels for both 13 and 14, amd64 and aarch64. >However, it's not present in 13's openssl. To use it, you must either >rebuild world with WITH_OPENSSL_KTLS=YES in /etc/src.conf, Doing it this way means that everything linked to OpenSSL will use it. Probably a better testsituation, but expect at least the apache server to break. (Most breakage was fixed by a recent patch to the serf library, but I think the apache server is still broken. >(or) install >security/openssl-devel from pkg, or built security/openssl from ports with >the KTLS option enabled. I don't know if any version of openssl is >"better" than another. The sysctls should be available in any case. Only applications built using includes from /usr/local/include and linked to libraries in /usr/local/lib will use it for these cases. If you want to try NFS-over-TLS, see this: https://people.freebsd.org/~rmacklem/nfs-over-tls-setup.txt Please let us know if you try it, rick -Alan _______________________________________________ freebsd-current_at_freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"Received on Sun Mar 14 2021 - 19:55:27 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC