From: Tom Herbert Subject: Re: [PATCH v3 net-next 0/4] kernel TLS Date: Wed, 14 Jun 2017 16:24:53 -0700 Message-ID: References: <20170614183654.GA80067@davejwatson-mba.dhcp.thefacebook.com> <20170614221738.GC72301@davejwatson-mba.dhcp.thefacebook.com> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Cc: Ilya Lesokhin , Aviad Yehezkel , Boris Pismenny , Liran Liss , Matan Barak , David Miller , Linux Kernel Network Developers , Herbert Xu , Linux Crypto Mailing List , Hannes Frederic Sowa , Eric Dumazet , Alexei Starovoitov , nmav@gnutls.org, =?UTF-8?B?RnJpZG9sw61uIFBva29ybsO9?= To: Dave Watson Return-path: In-Reply-To: <20170614221738.GC72301@davejwatson-mba.dhcp.thefacebook.com> Sender: netdev-owner@vger.kernel.org List-Id: linux-crypto.vger.kernel.org On Wed, Jun 14, 2017 at 3:17 PM, Dave Watson wrote: > On 06/14/17 01:54 PM, Tom Herbert wrote: >> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson wrote: >> > This series adds support for kernel TLS encryption over TCP sockets. >> > A standard TCP socket is converted to a TLS socket using a setsockopt. >> > Only symmetric crypto is done in the kernel, as well as TLS record >> > framing. The handshake remains in userspace, and the negotiated >> > cipher keys/iv are provided to the TCP socket. >> > >> I don't see support for TLS receive path in the kernel, only the send >> path. Am I missing something? > > Correct, this is only TX. Since it sounds likely some hardware might > only be able to offload TX, we decided to configure TX and RX > separately. Using the OpenSSL patches, it should be transparent to > users even if only one side is offloaded. > > The software RX patches exist but haven't been polished up yet. Thanks for the clarification, looking forward to RX patches also! Tom