> > we have discussed this in the past on net...@vger.kernel.org but I
> > just want to point out here again, that renewing the symmetric crypto
> > keys is not supported in the kernel part (for the time being).
> >
> > So in case the application depends on renegotiation (TLS1.2, which is
> > the o
On Thu, Jun 08, 2017 at 06:26:28PM +, Ilya Lesokhin wrote:
> Hi Kurt,
> I think this it's better to have this discussion in the kernel mailing list.
> But basically, we were debating this issue ourselves.
> Previously we had another field in the attach API which could be {SW only, HW
> only a
On Thu, Jun 08, 2017 at 10:43:15AM +0200, Hannes Frederic Sowa wrote:
>
> we have discussed this in the past on net...@vger.kernel.org but I just
> want to point out here again, that renewing the symmetric crypto keys is
> not supported in the kernel part (for the time being).
>
> So in case the
Hello,
On Thu, Jun 8, 2017, at 00:05, Kurt Roeckx wrote:
> On Wed, Jun 07, 2017 at 03:35:45PM +0300, Boris Pismenny wrote:
> > Hello all,
> >
> > I would like to introduce you to the new kernel API for TLS transmit-side
> > data-path, and open a discussion regarding its support in OpenSSL.
>
> S
> A couple of comments.
>
> First, until this shows up in the kernel adopted by major distributions, it
> is a
> bit premature to include in OpenSSL. Including netinet/tcp.h is seriously
> wrong to be part of openssl :) And finally, as I said before, the best way to
> get things in OpenSSL is t
On Wed, Jun 07, 2017 at 03:35:45PM +0300, Boris Pismenny wrote:
> Hello all,
>
> I would like to introduce you to the new kernel API for TLS transmit-side
> data-path, and open a discussion regarding its support in OpenSSL.
So my understanding is that there are really 2 parts in the kernel
that c
On 06/07/2017 10:19 AM, Salz, Rich via openssl-dev wrote:
> A couple of comments.
>
> First, until this shows up in the kernel adopted by major distributions, it
> is a bit premature to include in OpenSSL. Including netinet/tcp.h is
> seriously wrong
I don't know that we would need to wait unt
A couple of comments.
First, until this shows up in the kernel adopted by major distributions, it is
a bit premature to include in OpenSSL. Including netinet/tcp.h is seriously
wrong to be part of openssl :) And finally, as I said before, the best way to
get things in OpenSSL is to do pull re
Hello all,
I would like to introduce you to the new kernel API for TLS transmit-side
data-path, and open a discussion regarding its support in OpenSSL.
This is currently a V2 patch series in Linux net-next, and it is stabilizing.
Dave has been working on this for a while [1][2], and Aviad, Ilya a