| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190410085842.687f2d2f@cakuba.netronome.com>
Date: Wed, 10 Apr 2019 08:58:42 -0700
From: Jakub Kicinski <jakub.kicinski@...ronome.com>
To: Atul Gupta <atul.gupta@...lsio.com>
Cc: herbert@...dor.apana.org.au, davem@...emloft.net,
linux-crypto@...r.kernel.org, netdev@...r.kernel.org,
dt@...lsio.com
Subject: Re: [crypto 0/4] Inline TLS client and v6 support
On Wed, 10 Apr 2019 10:56:37 +0530, Atul Gupta wrote:
> On 4/9/2019 11:31 PM, Jakub Kicinski wrote:
> > On Tue, 9 Apr 2019 08:22:34 -0700, Atul Gupta wrote:
> >> Extends Inline TLS record processing to TLS client. connect
> >> API is added to tls_context to setup hardware for TLS
> >> connection and handshake. Functionality wise, this makes the solution
> >> end-to-end Inline TLS capable. TLS server and client
> >> can operate in Inline mode and leverage hardware for complete
> >> TLS record offload.
> >> [0004] Adds the IPv6 support for Inline TLS server/client.
> >>
> >> RFC series for this patch was created against net-next and
> >> submitted on 18 Jan'2019.
> >> This series is created against Herbert branch.
> > Sorry if someone already asked this, but is your HW doing full ToE
> > for all this TLS "record offload" stuff?
>
> Yes Jakub
So from what I grok you already feed all the data directly to the
socket completely bypassing the lower layers of the networking stack,
and with this patch set you'd also move 3WHS into the FW?
Powered by blists - more mailing lists