On Wed, Jun 14, 2017 at 3:17 PM, Dave Watson <davejwatson@xxxxxx> wrote: > On 06/14/17 01:54 PM, Tom Herbert wrote: >> On Wed, Jun 14, 2017 at 11:36 AM, Dave Watson <davejwatson@xxxxxx> wrote: >> > This series adds support for kernel TLS encryption over TCP sockets. >> > A standard TCP socket is converted to a TLS socket using a setsockopt. >> > Only symmetric crypto is done in the kernel, as well as TLS record >> > framing. The handshake remains in userspace, and the negotiated >> > cipher keys/iv are provided to the TCP socket. >> > >> I don't see support for TLS receive path in the kernel, only the send >> path. Am I missing something? > > Correct, this is only TX. Since it sounds likely some hardware might > only be able to offload TX, we decided to configure TX and RX > separately. Using the OpenSSL patches, it should be transparent to > users even if only one side is offloaded. > > The software RX patches exist but haven't been polished up yet. Thanks for the clarification, looking forward to RX patches also! Tom