Using OpenSSL with Kernel TLS

Michael Elf rb989653 at gmail.com
Sat Nov 5 00:20:23 UTC 2022


I'd like to use OpenSSL with KTLS for the websocket protocol, mainly for
receiving but also for transmitting. I'm using the latest version of OpenSSL
from source, with Ubuntu 20.04 and 22.04.

I currently use the regular SSL_read() and SSL_write() functions to receive
and transmit bytes. I have not used BIO interfaces before and do not
currently have one.

I saw an issue on the GitHub page discussing KTLS:

https://github.com/openssl/openssl/issues/14595

In particular:

----------------------------------------------------------------------

KTLS will be used if ................ You are using a suitable KTLS aware
BIO (BIO_s_connect(), or BIO_s_socket())

You don't need to do anything special in your code. SSL_write will just do
the right thing if the above conditions are met.

----------------------------------------------------------------------

The last part suggests SSL_write() will work out-of-the-box, so long as we
have a BIO interface.

1) Will SSL_read() work with KTLS too?

2) If we can still call SSL_read() and SSL_write() with KTLS, what is the
purpose/requirement for the BIO interface?

3) If we cannot use SSL_read() and SSL_write(), I assume we have to use
BIO_read() and BIO_write(). I read somewhere that to receive a packet I must
read bytes from the BIO and pass them to the SSL layer. For KTLS this seems
odd; the whole idea is we want all processing performed in the kernel. Have I
misunderstood this?

4) Are there any significant performance differences (between Linux
distributions) for KTLS + OpenSSL?

Thank you in advance,