KTLS with openssl 3.0 fail with error ENOTCONN(Transport endpoint is not connected)

John Baldwin jhb at FreeBSD.org
Wed Jan 5 18:56:00 UTC 2022


On 1/4/22 11:49 PM, Gaurav Jain wrote:
> Hello Boris/John
> 
> I am from NXP and currently working on enabling KTLS on NXP platforms via openssl.
> I see that you enabled KTLS support in openssl 3.0 (https://www.openssl.org/news/changelog.html#openssl-30).
> 
> When I configure openssl 3.0 or 3.1.0 with enable-ktls and try to run the s_server, s_client application,
> I observe that the connection is successfully established - but it didn't use KTLS.
> 
> Then I added an additional log in the kernel (file net/tls/tls_main.c) and see that the kernel is returning error -ENOTCONN
> when (sk->sk_state != TCP_ESTABLISHED) in function static int tls_init(struct sock *sk)

To be clear, I have worked on KTLS support for FreeBSD, not for Linux.

However, I think the error you are seeing is a red herring.  I think you are
seeing the setsockopt() call from ktls_enable() fail because it is invoked
on the listen socket since ktls_enable() is called when sockets are created
by libssl.

For KTLS to work on the server side on Linux what you need to find out is when
ktls_enable() is invoked on the socket returned by accept() and why that is
failing.

-- 
John Baldwin
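
The listen-socket versus accepted-socket difference described in the reply above can be reproduced on Linux with the small C program below. It is an added example, not code from this thread or from OpenSSL. The names try_tls_ulp() and ktls_ulp_demo() are hypothetical, and it assumes the kernel "tls" ULP is built in or loaded (if it is not, both calls fail with the same error, typically ENOENT).

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31 /* value from linux/tcp.h, for older libc headers */
#endif

/* Hypothetical helper: request the "tls" ULP on fd; return 0 or errno. */
static int try_tls_ulp(int fd)
{
    return setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) ? errno : 0;
}

/* Build a loopback listener plus one accepted connection and record the
 * TCP_ULP result for each socket. Returns 0 if the sockets were set up. */
int ktls_ulp_demo(int *listen_err, int *accepted_err)
{
    struct sockaddr_in a = { .sin_family = AF_INET }; /* port 0: kernel picks */
    socklen_t len = sizeof(a);
    int rc = -1, conn = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int cfd = socket(AF_INET, SOCK_STREAM, 0);

    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd < 0 || cfd < 0 ||
        bind(lfd, (struct sockaddr *)&a, sizeof(a)) || listen(lfd, 1) ||
        getsockname(lfd, (struct sockaddr *)&a, &len) ||
        connect(cfd, (struct sockaddr *)&a, sizeof(a)) ||
        (conn = accept(lfd, NULL, NULL)) < 0)
        goto out;
    *listen_err = try_tls_ulp(lfd);    /* TCP_LISTEN: ENOTCONN from tls_init() */
    *accepted_err = try_tls_ulp(conn); /* TCP_ESTABLISHED: 0 when ULP is present */
    rc = 0;
out:
    if (conn >= 0) close(conn);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return rc;
}

int main(void)
{
    int l = 0, c = 0;
    if (ktls_ulp_demo(&l, &c)) return 1;
    printf("listen socket:   %s\naccepted socket: %s\n", strerror(l), strerror(c));
    return 0;
}
```

An ENOTCONN on the listener together with success on the accepted socket means the kernel side is fine, and the thing to debug is whether the call is made on the accepted socket and why it fails there.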


More information about the openssl-users mailing list