On Thu, 25 Jan 2024 at 21:44, Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > On Thu, 2024-01-25 at 03:21 +0100, Dan Shelton wrote: > > Hello! > > > > Is it possible for a NFSv4 client to implement TLS support via > > /usr/bin/openssl s_client? > > > > /usr/bin/openssl s_client would do the connection, and a normal > > libtirpc client would connect to the other side of s_client. > > > > Does that work? > > > > Dan > > Doubtful. RPC over TLS requires some cleartext setup before TLS is > negotiated. At one time Ben Coddington had a proxy based on nginx that > could handle the TLS negotiation, but I think that might have been based > on an earlier draft of the spec. It would probably need some work to be > brought up to the state of the RFC. What about libtirpc-based apps? Is anyone going to add TLS support to libtirpc? Ced -- Cedric Blancher <cedric.blancher@xxxxxxxxx> [https://plus.google.com/u/0/+CedricBlancher/] Institute Pasteur
