On Wed, Jun 07, 2017 at 03:35:45PM +0300, Boris Pismenny wrote:
> Hello all,
>
> I would like to introduce you to the new kernel API for TLS transmit-side
> data-path, and open a discussion regarding its support in OpenSSL.

So my understanding is that there are really 2 parts in the kernel
that change:
- The kernel is aware of TLS and can do the symmetric encryption
- The kernel can offload the symmetric encryption to the NIC

And I guess you're mostly interested in the combination of the two,
where you would end up with the unencrypted data going to the NIC
and that you might get speeds close to what you can do unencrypted.
The performance gains would come from avoiding making copies and
not doing the encryption on the CPU.

My understanding from the old data is that moving the encryption
to the kernel had a negative performance impact. So this at least
looks like something we do not always want to enable. It might be
useful to have an API where we can check that the offload is
supported, or that we have an option to enable moving it to the
kernel.

Kurt