Welcome! Log In Create A New Profile

Advanced

Re: nginx kTLS support blog post

Mikhail Isachenkov
November 17, 2021 03:14AM
Hello Reinis,

TLSv1.2 ciphers is supported by kernel as well as TLSv1.3.
If the particular cipher is not supported by kernel, BIO_get_ktls_send()
function returns zero and SSL sendfile will not be used.

Check https://hg.nginx.org/nginx/rev/65946a191197#l1.18 for details.

16.11.2021 20:15, Reinis Rozitis пишет:
>> As some of you probably know we added kTLS support in nginx-1.21.4.
>
> Before testing myself wanted to quickly clarify - does this work in
> combination with older cipher suites (as in fallback from kTLS to standard
> non-kernel) to support older clients which still use tls 1.1 / 1.2 or you
> are locked into using Tls 1.3 ciphers only?
>
> wbr
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

--
Best regards,
Mikhail Isachenkov
NGINX Professional Services
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx kTLS support blog post

Maxim Konovalov November 12, 2021 04:04AM

RE: nginx kTLS support blog post

Reinis Rozitis November 16, 2021 12:16PM

Re: nginx kTLS support blog post

Mikhail Isachenkov November 17, 2021 03:14AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 56
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready