[openssl-dev] [RFC 0/4] Kernel TLS socket API
Kurt Roeckx
kurt at roeckx.be
Thu Jun 8 19:20:08 UTC 2017
On Thu, Jun 08, 2017 at 06:26:28PM +0000, Ilya Lesokhin wrote:
> Hi Kurt,
> I think this it's better to have this discussion in the kernel mailing list.
> But basically, we were debating this issue ourselves.
> Previously we had another field in the attach API which could be {SW only, HW only and auto}.
> However, we thought that most application wouldn't know what to do with it.
> So, we thought we could simplify the API, and make the HW/SW decision a global administrative configuration.
>
> The downside is that the ability to do HW offload depends on the routing, so the software
> Can't be configured to use KTLS only if HW offload is available.
>
> Do you think we should restore the old {SW only, HW only and auto} API?
I currently have no idea what the best way is. But I would like to
avoid a regression in performance by default.
So I guess part of the question is if you think this kind of
hardware would become common, or that it's only going to be used
in specialised settings?
Kurt
More information about the openssl-dev
mailing list