J. wrote:
>On Tue, Mar 16, 2021 at 11:46:27PM +0000, Rick Macklem wrote:
>>Well, if you do "sysctl -a | fgrep kern.ipc.tls.stats" and it is working,
>>you should see the count for at least one of the "crypts" ticking up.
>>If they are all zero, it isn't working. That might depend on the apps
>>or setup and does not necessarily indicate broken.
>
>OK. it's "not working" by those criteria on the stable/13 rpi4.
>This one has mutt (imaps) and lynx (https) installed. mutt appears to
>use tlsv1.3 to connect with my email provider.
I know that the receive direction only works for TLS1.2. Not sure about
the xmit direction?

Make sure you've done the following:
ktls_ocf - is loaded
these sysctls are set to 1
kern.ipc.tls.enable
kern.ipc.mb_use_ext_pgs

Beyond that, it will take someone more knowledgeable to figure out if
it can work for these apps?
(To be honest, for userspace applications I'm not sure there is any advantage
to using KTLS unless you have specialized hardware.)

rick

>Trying the nfs-over-tls should definitely test it. When it works, the
>data on the wire after the first couple of Null RPCs is encrypted.
>Also, if you start the daemons with "-v",

This is what I'll try once buildworld etc completes on the main/14 rpi4.

--
J.
Received on Wed Mar 17 2021 - 19:39:05 UTC
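The checks described in this message, as an added example that is not part of the original thread: a script that compares two saved sysctl snapshots, confirms the two sysctls are 1, and reports whether any "crypts" counter under kern.ipc.tls.stats ticked up. The function names, file names and the two counter names in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example. Input is text in the "name: value" form printed by sysctl(8).

# Constructed sample snapshots; the two counter names are assumptions.
write_samples() {
    cat > "$1/before.txt" <<'EOF'
kern.ipc.tls.enable: 1
kern.ipc.mb_use_ext_pgs: 1
kern.ipc.tls.stats.ocf.tls12_gcm_crypts: 0
kern.ipc.tls.stats.ocf.tls13_gcm_crypts: 0
EOF
    cat > "$1/after.txt" <<'EOF'
kern.ipc.tls.enable: 1
kern.ipc.mb_use_ext_pgs: 1
kern.ipc.tls.stats.ocf.tls12_gcm_crypts: 0
kern.ipc.tls.stats.ocf.tls13_gcm_crypts: 42
EOF
}

# Print the value of one sysctl ($2) from a snapshot file ($1).
sysctl_value() {
    awk -v name="$2" -F': ' '$1 == name { print $2; exit }' "$1"
}

# Sum every kern.ipc.tls.stats counter whose name ends in "crypts".
crypts_total() {
    awk -F': ' '$1 ~ /^kern\.ipc\.tls\.stats\..*crypts$/ { s += $2 } END { print s + 0 }' "$1"
}

# Compare snapshots taken before ($1) and after ($2) generating TLS traffic.
# "idle" means no counter moved, which may only mean the app did not use KTLS.
ktls_check() {
    before=$1 after=$2
    for knob in kern.ipc.tls.enable kern.ipc.mb_use_ext_pgs; do
        if [ "$(sysctl_value "$after" "$knob")" != "1" ]; then
            echo "disabled: $knob is not 1"
            return 0
        fi
    done
    delta=$(( $(crypts_total "$after") - $(crypts_total "$before") ))
    if [ "$delta" -gt 0 ]; then
        echo "active: crypts counters rose by $delta"
    else
        echo "idle: no crypts counter moved"
    fi
}

# Demo on the constructed snapshots.
tmp=$(mktemp -d); write_samples "$tmp"; ktls_check "$tmp/before.txt" "$tmp/after.txt"; rm -rf "$tmp"
```

On a live system the snapshots would come from saving `sysctl kern.ipc.tls kern.ipc.mb_use_ext_pgs` output before and after the TLS traffic. The script does not check that ktls_ocf is loaded.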
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC