Forum List Message List New Topic Print View

Mikhail Isachenkov

November 17, 2021 03:14AM

Hello Reinis,

TLSv1.2 ciphers is supported by kernel as well as TLSv1.3.
If the particular cipher is not supported by kernel, BIO_get_ktls_send()
function returns zero and SSL sendfile will not be used.

Check https://hg.nginx.org/nginx/rev/65946a191197#l1.18 for details.

16.11.2021 20:15, Reinis Rozitis пишет:
>> As some of you probably know we added kTLS support in nginx-1.21.4.
>
> Before testing myself wanted to quickly clarify - does this work in
> combination with older cipher suites (as in fallback from kTLS to standard
> non-kernel) to support older clients which still use tls 1.1 / 1.2 or you
> are locked into using Tls 1.3 ciphers only?
>
> wbr
> rr
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

--
Best regards,
Mikhail Isachenkov
NGINX Professional Services
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
nginx kTLS support blog post	Maxim Konovalov	November 12, 2021 04:04AM
RE: nginx kTLS support blog post	Reinis Rozitis	November 16, 2021 12:16PM
Re: nginx kTLS support blog post	Mikhail Isachenkov	November 17, 2021 03:14AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 220

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

nginx kTLS support blog post

RE: nginx kTLS support blog post

Re: nginx kTLS support blog post

Online Users