? On Fri, 26 Jan 2024 at 08:23, Cedric Blancher <cedric.blancher@xxxxxxxxx> wrote: > > On Thu, 25 Jan 2024 at 21:44, Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > > > On Thu, 2024-01-25 at 03:21 +0100, Dan Shelton wrote: > > > Hello! > > > > > > Is it possible for a NFSv4 client to implement TLS support via > > > /usr/bin/openssl s_client? > > > > > > /usr/bin/openssl s_client would do the connection, and a normal > > > libtirpc client would connect to the other side of s_client. > > > > > > Does that work? > > > > > > Dan > > > > Doubtful. RPC over TLS requires some cleartext setup before TLS is > > negotiated. At one time Ben Coddington had a proxy based on nginx that > > could handle the TLS negotiation, but I think that might have been based > > on an earlier draft of the spec. It would probably need some work to be > > brought up to the state of the RFC. > > What about libtirpc-based apps? Is anyone going to add TLS support to libtirpc? > > Ced > -- > Cedric Blancher <cedric.blancher@xxxxxxxxx> > [https://plus.google.com/u/0/+CedricBlancher/] > Institute Pasteur -- Dan Shelton - Cluster Specialist Win/Lin/Bsd
