ktls-utils
TLS handshake utilities for in-kernel TLS consumers
QUICv1 is specified by [RFC 9000](https://www.rfc-editor.org/rfc/rfc9000.html). Because a QUICv1 connect transaction makes use of the TLS v1.3 handshake, we believe that in-kernel support for the QUIC transport protocol can...
We've had several independent requests (and a PR or two) to re-add support for the "-n" option, which disables tlshd's server certificate validation checking when it runs on the client....
Session keys created by a TLS handshake are small and should be thrown out after a while (usually a certain number of payload bytes transferred within the session) to mitigate...
FreeBSD's RPC-with-TLS implementation supports a security policy mechanism that enables an X.509-authenticated client to tell an NFS server to squash all requests within its TLS session to a single specific...
Could you please share a template of the `/etc/tlshd.conf` contents? I know the tlshd.conf details are explained in the respective tlshd.conf man page, but it would be a lot more...
Ultimately we would like to extend TLS protection to the root filesystem, for instance by supporting NFSROOT with TLS, or by supporting a root filesystem that resides on an NVMe...
We believe that it might be common that either a TLS-enabled client or server might reside in more than one trust domain. It should be possible for the upper layer...
In scenarios where a client kernel makes multiple socket connections to the same server on behalf of the same upper layer protocol (e.g., NFS with nconnect), we would like to amortize...
Currently tlshd and the netlink upcall protocol support TCP sockets with TLS, but do not support UDP sockets with DTLS. Eventually we'd like tlshd to handle DTLS, though there is...
[RFC 9289](https://www.rfc-editor.org/rfc/rfc9289.html) specifies an Application-Layer Protocol Negotiation (ALPN) identifier for RPC-with-TLS, in addition to new extended key usage OIDs for RPC-with-TLS. Either tlshd or the kernel's RPC stack needs to...