Re: [PATCH v3 net-next 0/4] kernel TLS

From: Dave Watson <davejwatson@xxxxxx>
Date: Wed, 14 Jun 2017 11:36:54 -0700

> This series adds support for kernel TLS encryption over TCP sockets.
> A standard TCP socket is converted to a TLS socket using a setsockopt.
> Only symmetric crypto is done in the kernel, as well as TLS record
> framing.  The handshake remains in userspace, and the negotiated
> cipher keys/iv are provided to the TCP socket.
> 
> We implemented support for this API in OpenSSL 1.1.0, the code is
> available at https://github.com/Mellanox/tls-openssl/tree/master
> 
> It should work with any TLS library with similar modifications,
> a test tool using gnutls is here: https://github.com/Mellanox/tls-af_ktls_tool
> 
> RFC patch to openssl:
> https://mta.openssl.org/pipermail/openssl-dev/2017-June/009384.html
 ...

I really want to apply this, so everyone give it a good review :-)
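
For reference, a userspace sketch of the setsockopt conversion the quoted cover letter describes, handing the negotiated TLS 1.2 AES-128-GCM write key to a connected TCP socket. This is an added example, not code from this thread or the patch series: the option and structure names (`TCP_ULP`, `SOL_TLS`, `TLS_TX`, `struct tls12_crypto_info_aes_gcm_128`) come from the `linux/tls.h` uapi header as later merged and are an assumption relative to this v3 posting, and `ktls_fill_aes128gcm` / `ktls_enable_tx` are hypothetical helper names.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <linux/tls.h>   /* assumption: uapi header as merged in Linux 4.13 */

#ifndef TCP_ULP
#define TCP_ULP 31       /* fallback for older libc headers */
#endif
#ifndef SOL_TLS
#define SOL_TLS 282
#endif

/* Copy the TLS 1.2 AES-128-GCM write state negotiated by the userspace
 * handshake into the structure the kernel expects. Returns 0 or -EINVAL. */
int ktls_fill_aes128gcm(struct tls12_crypto_info_aes_gcm_128 *ci,
                        const unsigned char *key,   /* 16-byte write key */
                        const unsigned char *salt,  /* 4-byte implicit nonce */
                        const unsigned char *iv,    /* 8-byte explicit nonce */
                        const unsigned char *seq)   /* 8-byte next record seq */
{
    if (!ci || !key || !salt || !iv || !seq)
        return -EINVAL;
    memset(ci, 0, sizeof *ci);
    ci->info.version = TLS_1_2_VERSION;
    ci->info.cipher_type = TLS_CIPHER_AES_GCM_128;
    memcpy(ci->key, key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
    memcpy(ci->salt, salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
    memcpy(ci->iv, iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
    memcpy(ci->rec_seq, seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
    return 0;
}

/* Attach the "tls" ULP to a connected TCP socket and install the transmit
 * key. ci must be non-NULL; it is wiped on success and on failure.
 * Returns 0 or -errno. */
int ktls_enable_tx(int fd, struct tls12_crypto_info_aes_gcm_128 *ci)
{
    int rc = 0;
    if (setsockopt(fd, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) < 0)
        rc = -errno;
    else if (setsockopt(fd, SOL_TLS, TLS_TX, ci, sizeof *ci) < 0)
        rc = -errno;
    volatile unsigned char *p = (volatile unsigned char *)ci;
    for (size_t i = 0; i < sizeof *ci; i++)
        p[i] = 0;
    return rc;
}
```

After a successful call, plain `send()` on the socket produces encrypted TLS records; a nonzero return means the library should keep doing record encryption in userspace.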


