Re: ktls nginx not working

Sergey Kandaurov
January 27, 2022 09:20AM
> On 27 Jan 2022, at 16:48, Anoop Alias <anoopalias01@gmail.com> wrote:
>
> Hi,
>
> I am trying to implement/test ktls as per the blog article
>
> https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/#tls-protocol
>
> ###########################
> This is done on CentOS8 VM
>
> # uname -r
> 4.18.0-348.7.1.el8_5.x86_64
> ###########################
> # openssl-3.0.1/.openssl/bin/openssl ciphers
> [..]
>
> ###########################
> # /usr/sbin/nginx-debug -V
> nginx version: nginx/1.21.6
> built by gcc 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)
> built with OpenSSL 3.0.1 14 Dec 2021
> TLS SNI support enabled
> configure arguments: --with-debug --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/etc/nginx/modules --with-pcre=./pcre2-10.39 --with-pcre-jit --with-zlib=./zlib-1.2.11 --with-openssl=./openssl-3.0.1 --with-openssl-opt=enable-ktls --with-openssl-opt=enable-tls1_3 --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log
> ############################
> The debug log does not show any signs of ktls in use
> [..]
> [root@65-108-156-104 nginx-1.21.6]# grep SSL_sendfile /var/log/nginx/error_log
> [root@65-108-156-104 nginx-1.21.6]# grep BIO /var/log/nginx/error_log
> [root@65-108-156-104 nginx-1.21.6]#
>
> There is no SSL_sendfile in the log
>
> ##############################################
> # TLS Settings
> ssl_protocols TLSv1.3;
> ssl_session_cache shared:SSL:32m;
> ssl_dhparam /etc/nginx/ssl/dhparam.pem;
> ssl_session_timeout 1d;
> ssl_session_tickets off;
> ssl_ocsp_cache shared:ocspcache:10m;
>
>
> server{
> ...
> ssl_conf_command Options KTLS;
> ..
> }
> #################################################
> What am I doing wrong?
>

Make sure you have enabled sendfile in configuration.

Note that Linux 4.18 as distributed with CentOS 8
implements no KTLS for TLSv1.3 ciphers,
and quite a limited number of ciphers for TLSv1.2.

--
Sergey Kandaurov
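
The two points in the reply above can be checked before digging through debug logs. The following is an added example, not part of the original thread and not nginx project code: the function names and finding labels are hypothetical, the sample config is constructed from the settings quoted in the question, and the check matches directives anywhere in a single file without following `include` lines.

```shell
#!/bin/sh
# Added example: kTLS preflight for the conditions raised in this thread.

# Print one finding per line for nginx config file $1 and kernel release $2.
ktls_findings() {
    conf=$1 kernel=$2
    # Drop comments so a commented-out directive is not counted.
    body=$(sed 's/#.*$//' "$conf")

    # SSL_sendfile() is only used when nginx sends files with sendfile.
    printf '%s\n' "$body" \
        | grep -Eq '^[[:space:]]*sendfile[[:space:]]+on[[:space:]]*;' \
        || echo "sendfile-not-enabled"

    # OpenSSL 3.0 leaves kTLS off unless the KTLS option is set.
    printf '%s\n' "$body" \
        | grep -Eq '^[[:space:]]*ssl_conf_command[[:space:]]+Options[[:space:]]+KTLS[[:space:]]*;' \
        || echo "ktls-option-missing"

    # Per the reply: the CentOS 8 4.18 kernel offloads no TLSv1.3 ciphers,
    # so a TLSv1.3-only server on that kernel cannot use kTLS.
    protocols=$(printf '%s\n' "$body" \
        | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' | tr -d ';')
    case $kernel in
        4.18.*el8*)
            case $protocols in
                *TLSv1.2*) ;;
                *TLSv1.3*) echo "tls13-only-on-el8-kernel" ;;
            esac ;;
    esac
    return 0
}

# Count debug-log lines mentioning SSL_sendfile, the marker grepped for above.
ktls_log_hits() { grep -c 'SSL_sendfile' "$1" || true; }

# Constructed sample: the settings quoted in the question (no sendfile line).
sample_conf=$(mktemp)
cat >"$sample_conf" <<'EOF'
ssl_protocols TLSv1.3;
ssl_session_tickets off;
server {
    ssl_conf_command Options KTLS;
}
EOF

ktls_findings "$sample_conf" "4.18.0-348.7.1.el8_5.x86_64"
```

On a live host, pass the real config path and `"$(uname -r)"`; an empty result means none of these three conditions is the blocker.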
