Security
The following features for security are available as technology preview.
KTLS
The Linux Kernel TLS (KTLS) handles TLS records for the AES-GCM cipher. KTLS also provides the interface for offloading TLS record encryption to NICs that support this functionality.
OpenSSL 3.0 is able to use KTLS if the enable-ktls
configuration option is
used during compiling.
The updated gnutls
packages can use KTLS for accelerating data transfer on
encrypted channels. To enable KTLS, add the tls.ko
kernel module using the
modprobe
command, and create a new configuration file
/etc/crypto-policies/local.d/gnutls-ktls.txt
for the system-wide
cryptographic policies with the following content:
[global] ktls = true
Note that gnutls
doesn't permit you to update traffic keys through TLS
KeyUpdate
messages, which impacts the security of AES-GCM ciphersuites.