ktls

v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 3, 2024 License: BSD-3-Clause Imports: 8 Imported by: 0

README

ktls

Experimental Linux kernel TLS support for Go. Upstream Go isn't particularly keen on adding kTLS (#44506), as they are skeptical of its performance benefits and of the loss of control over the TLS stack. However, this dismisses a very important use case for kTLS: hardware offload. If you can bypass userspace with sendfile and splice and you have a NIC that supports HW crypto, kTLS is an absolute game changer.

Right now it's very loosely integrated into the Go TLS stack, but it's a start and I'm using it to implement tlshd-go.

Usage

Replace all uses of crypto/tls with github.com/dpeckett/ktls/tls. Once the TLS handshake has completed, call ktls.Enable(conn) to enable kTLS.

Implementing TLS alert handling, etc. is left as an exercise for the reader.
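What enabling kTLS involves at the socket level, as an added example that is not this package's code (how ktls.Enable does it internally is not shown on this page). It follows the Linux kernel TLS interface for TLS 1.2 with AES-128-GCM; the helper names cryptoInfoAESGCM128 and enableTX are hypothetical, the key material is constructed, and a little-endian host is assumed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"syscall"
)

// Values from the Linux UAPI headers linux/tcp.h and linux/tls.h.
const (
	tcpULP          = 31     // TCP_ULP
	solTLS          = 282    // SOL_TLS
	tlsTX           = 1      // TLS_TX, matching this package's constant
	tls12Version    = 0x0303 // TLS_1_2_VERSION
	cipherAESGCM128 = 51     // TLS_CIPHER_AES_GCM_128
)

// cryptoInfoAESGCM128 (hypothetical helper) serialises
// struct tls12_crypto_info_aes_gcm_128: version, cipher_type, iv[8],
// key[16], salt[4], rec_seq[8]. A little-endian host is assumed.
func cryptoInfoAESGCM128(key, salt, iv []byte, seq uint64) ([]byte, error) {
	if len(key) != 16 || len(salt) != 4 || len(iv) != 8 {
		return nil, errors.New("ktls: wrong key, salt or iv length")
	}
	b := make([]byte, 40)
	binary.LittleEndian.PutUint16(b[0:], tls12Version)
	binary.LittleEndian.PutUint16(b[2:], cipherAESGCM128)
	copy(b[4:12], iv)
	copy(b[12:28], key)
	copy(b[28:32], salt)
	// rec_seq must equal the records already sent, or the peer rejects the next tag.
	binary.BigEndian.PutUint64(b[32:], seq)
	return b, nil
}

// enableTX (hypothetical helper) attaches the "tls" upper-layer protocol to
// a connected TCP socket, then hands the transmit key material to the kernel.
func enableTX(fd int, info []byte) error {
	if err := syscall.SetsockoptString(fd, syscall.IPPROTO_TCP, tcpULP, "tls"); err != nil {
		return fmt.Errorf("TCP_ULP: %w", err) // e.g. tls module not loaded
	}
	return syscall.SetsockoptString(fd, solTLS, tlsTX, string(info))
}

func main() {
	info, _ := cryptoInfoAESGCM128(make([]byte, 16), make([]byte, 4), make([]byte, 8), 0) // constructed zero key
	fmt.Printf("crypto_info: %d bytes, version %#x\n", len(info), info[0:2])
}
```

The serialised structure contains the live session traffic key, so treat the buffer like any other secret. The receive direction uses the same layout with TLS_RX and the read-side key material.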

Documentation

Index

Constants

const (
	TLS_TX = 1 // Set transmit parameters.
	TLS_RX = 2 // Set receive parameters.
)

Variables

This section is empty.

Functions

func Enable

func Enable(tlsConn *tls.Conn) error

Enable enables kernel TLS on the given file descriptor.

Types

This section is empty.

Directories

Path Synopsis
Package tls partially implements TLS 1.2, as specified in RFC 5246, and TLS 1.3, as specified in RFC 8446.
