From: Dave Watson <davejwat...@fb.com>
Date: Wed, 14 Jun 2017 11:36:54 -0700
> This series adds support for kernel TLS encryption over TCP sockets.
> A standard TCP socket is converted to a TLS socket using a setsockopt.
> Only symmetric crypto is done in the kernel, as well as TLS record
> framing. The handshake remains in userspace, and the negotiated
> cipher keys/iv are provided to the TCP socket.
> We implemented support for this API in OpenSSL 1.1.0, the code is
> available at https://github.com/Mellanox/tls-openssl/tree/master
> It should work with any TLS library with similar modifications,
> a test tool using gnutls is here: https://github.com/Mellanox/tls-af_ktls_tool
> RFC patch to openssl:
I really want to apply this, so everyone give it a good review :-)