1. Unbreakable Enterprise Kernel Release 7 Update 3 - Release Notes (Version 5.15.0-300)
  2. New Features and Changes
  3. TLS Encrypted Connections for NFS

TLS Encrypted Connections for NFS

RPC-With-TLS is enabled in the Linux NFS server and client. This update provides a standards-based peer authentication mechanism over an encrypted connection using TLS. The TLS Record protocol is handled entirely by kTLS.

Note that both the server and client systems must run UEK R7U3 or later, or must be running a kernel and user space client that supports RFC 9289, to use this functionality. The user space package, ktls-utils, is also required and must be installed on both the client and server systems. Also ensure that you have installed the most recent version of the nfs-utils package or that you have done a full system update.

RPC-With-TLS is contributed upstream by Oracle and is described in RFC 9289.