On Thu, 2024-01-25 at 03:21 +0100, Dan Shelton wrote: > Hello! > > Is it possible for a NFSv4 client to implement TLS support via > /usr/bin/openssl s_client? > > /usr/bin/openssl s_client would do the connection, and a normal > libtirpc client would connect to the other side of s_client. > > Does that work? > > Dan Doubtful. RPC over TLS requires some cleartext setup before TLS is negotiated. At one time Ben Coddington had a proxy based on nginx that could handle the TLS negotiation, but I think that might have been based on an earlier draft of the spec. It would probably need some work to be brought up to the state of the RFC. -- Jeff Layton <jlayton@xxxxxxxxxx>
