On Wed, Jun 14, 2017 at 3:17 PM, Dave Watson <davejwat...@fb.com> wrote:
> On 06/14/17 01:54 PM, Tom Herbert wrote:
>> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson <davejwat...@fb.com> wrote:
>> > This series adds support for kernel TLS encryption over TCP sockets.
>> > A standard TCP socket is converted to a TLS socket using a setsockopt.
>> > Only symmetric crypto is done in the kernel, as well as TLS record
>> > framing. The handshake remains in userspace, and the negotiated
>> > cipher keys/iv are provided to the TCP socket.
>> I don't see support for TLS receive path in the kernel, only the send
>> path. Am I missing something?
> Correct, this is only TX. Since it sounds likely some hardware might
> only be able to offload TX, we decided to configure TX and RX
> separately. Using the OpenSSL patches, it should be transparent to
> users even if only one side is offloaded.
> The software RX patches exist but haven't been polished up yet.
Thanks for the clarification, looking forward to RX patches also!