On 06/14/17 01:54 PM, Tom Herbert wrote:
> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson <davejwat...@fb.com> wrote:
> > This series adds support for kernel TLS encryption over TCP sockets.
> > A standard TCP socket is converted to a TLS socket using a setsockopt.
> > Only symmetric crypto is done in the kernel, as well as TLS record
> > framing. The handshake remains in userspace, and the negotiated
> > cipher keys/iv are provided to the TCP socket.
> I don't see support for TLS receive path in the kernel, only the send
> path. Am I missing something?

Correct, this is only TX. Since it sounds likely some hardware might
only be able to offload TX, we decided to configure TX and RX
separately. Using the OpenSSL patches, it should be transparent to
users even if only one side is offloaded.

The software RX patches exist but haven't been polished up yet.
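
The TX-only conversion described in this thread, as an added example that is not part of the original message or the patch series: it uses the `TCP_ULP` / `SOL_TLS` / `TLS_TX` interface from mainline Linux's `<linux/tls.h>`, which is an assumption here and may differ from the series as posted. The function names `ktls_fill_tx` and `ktls_enable_tx` are hypothetical, and AES-128-GCM with TLS 1.2 is chosen only for illustration.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <linux/tls.h>

/* Fallback values from the mainline uapi headers, for older libc headers. */
#ifndef TCP_ULP
#define TCP_ULP 31
#endif
#ifndef SOL_TLS
#define SOL_TLS 282
#endif

/* Pack the write-direction secrets produced by the userspace handshake.
 * rec_seq is the sequence number of the next TLS record to be sent. */
void ktls_fill_tx(struct tls12_crypto_info_aes_gcm_128 *ci,
                  const unsigned char *key, const unsigned char *salt,
                  const unsigned char *iv, const unsigned char *rec_seq)
{
    memset(ci, 0, sizeof(*ci));
    ci->info.version = TLS_1_2_VERSION;
    ci->info.cipher_type = TLS_CIPHER_AES_GCM_128;
    memcpy(ci->key, key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
    memcpy(ci->salt, salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
    memcpy(ci->iv, iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
    memcpy(ci->rec_seq, rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
}

/* Convert a connected TCP socket to kernel TLS for the send path only.
 * RX is left untouched, so received records are still decrypted in
 * userspace. Returns 0 or -errno; on failure the caller keeps doing
 * TLS entirely in userspace. The caller should wipe *ci afterwards. */
int ktls_enable_tx(int fd, const struct tls12_crypto_info_aes_gcm_128 *ci)
{
    /* Step 1: attach the "tls" upper-layer protocol to the socket. */
    if (setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) < 0)
        return -errno;
    /* Step 2: hand the kernel the TX key, salt, IV and record sequence. */
    if (setsockopt(fd, SOL_TLS, TLS_TX, ci, sizeof(*ci)) < 0)
        return -errno;
    return 0;
}
```

After a successful call, plain `send()` data on the socket is framed and encrypted as TLS application-data records by the kernel.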