author | Matt Caswell <matt@openssl.org> | 2021-04-07 19:36:45 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-04-12 11:32:05 +0100 |
commit | 6878f4300213cfd7d4f01e26a8b97f70344da100 (patch) | |
tree | 029af3058e0bead17df24a1e0bbc36ec4a914a53 /doc/man3/SSL_CTX_set_mode.pod | |
parent | a3a54179b6754fbed6d88e434baac710a83aaf80 (diff) | |
Update KTLS documentation

KTLS support has been changed to be off by default, and configuration is
via a single "option" rather than two "modes". Documentation is updated
accordingly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14799)

Diffstat (limited to 'doc/man3/SSL_CTX_set_mode.pod')
-rw-r--r-- | doc/man3/SSL_CTX_set_mode.pod | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/doc/man3/SSL_CTX_set_mode.pod b/doc/man3/SSL_CTX_set_mode.pod index a814022d3c..39b5e1906f 100644 --- a/doc/man3/SSL_CTX_set_mode.pod +++ b/doc/man3/SSL_CTX_set_mode.pod @@ -105,22 +105,6 @@ Enable asynchronous processing. TLS I/O operations may indicate a retry with SSL_ERROR_WANT_ASYNC with this mode set if an asynchronous capable engine is used to perform cryptographic operations. See L<SSL_get_error(3)>. -=item SSL_MODE_NO_KTLS_TX - -Disable the use of the kernel TLS egress data-path. -By default kernel TLS is enabled if it is supported by the negotiated ciphersuites -and extensions and OpenSSL has been compiled with support for it. -The kernel TLS data-path implements the record layer, -and the crypto algorithm. The kernel will utilize the best hardware -available for crypto. Using the kernel data-path should reduce the memory -footprint of OpenSSL because no buffering is required. Also, the throughput -should improve because data copy is avoided when user data is encrypted into -kernel memory instead of the usual encrypt than copy to kernel. - -Kernel TLS might not support all the features of OpenSSL. For instance, -renegotiation, and setting the maximum fragment size is not possible as of -Linux 4.20. - =item SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG Older versions of OpenSSL had a bug in the computation of the label length @@ -150,7 +134,6 @@ L<SSL_write(3)>, L<SSL_get_error(3)> =head1 HISTORY SSL_MODE_ASYNC was added in OpenSSL 1.1.0. -SSL_MODE_NO_KTLS_TX was added in OpenSSL 3.0. =head1 COPYRIGHT |
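Review bot: In the first hunk (the removed "=item SSL_MODE_NO_KTLS_TX" block), the limitations paragraph is deleted along with the mode: "Kernel TLS might not support all the features of OpenSSL. For instance, renegotiation, and setting the maximum fragment size is not possible as of Linux 4.20." The diffstat here is limited to SSL_CTX_set_mode.pod, so it is not visible whether that caveat is carried over to the documentation of the option that replaces the modes. Please confirm it is; with KTLS now off by default, anyone turning it on is making an explicit choice and needs the feature limitations next to the switch. The visible context also leaves no pointer from this page to where KTLS is now configured, so a short cross-reference in SEE ALSO would help readers who remember the old mode.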
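Review bot: In the second hunk (HISTORY), the line "SSL_MODE_NO_KTLS_TX was added in OpenSSL 3.0." is dropped with no replacement. That is correct only if the mode never appeared in a released version. If any release exposed it, HISTORY should record the removal instead of erasing the entry, so that callers who set the mode to keep traffic off the kernel data-path can tell from the man page that the macro is gone and that the default has changed.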