kssl, KSSL - kernel SSL proxy
The KSSL is a transparent server side proxy for SSL/TLS protocol. It provides processing of SSL traffic in the kernel and thus improving performance by avoiding context switches and directly accessing kernel providers of Oracle Solaris Crypto Framework. With KSSL it is possible to provide SSL protection even for applications which are only able to communicate in clear text over TCP.
KSSL is configured in the kernel and passes/accepts clear text data from an application. Together they are visible to the clients as single SSL server.
The server side application for which KSSL is configured is unaware that it is receiving data previously protected by SSL. KSSL receives SSL traffic on one port, for example, 443, performs processing and passes clear text data to the application listening on another port, for example, 8080. Similarly, for the outgress direction, application sends clear text data and KSSL produces SSL records and sends them to the client. Therefore, the application does not have to be setup for SSL.
Multiple KSSL instances can be configured on the system, each with separate set of properties such as port, certificate, key or cipher suites. See ksslcfg(1M). Each KSSL instance in the kernel is tracked as SMF service. See smf(5).
KSSL provides SSL processing for records passed with TCP over both IPv4 and IPv6.
KSSL supports the following protocols: SSLv3, TLSv1.0
T. Dierks, C. Allen, RFC 2246, The TLS Protocol Version 1.0, The Internet Society, 1999.