Linux and FreeBSD have in-kernel implementations of TLS, see Linux's kernel TLS documentation. In-kernel TLS can help with performance, especially with in combination with sendfile, by avoiding copies, see Improving NGINX Performance with Kernel TLS and SSL_sendfile().
How can I take advantage of kernel TLS with Rust?
I don't think there is any ready to use crate which would let you use kTLS.
However, I think you could try to implement one. You would most likely need to generate bindings to linux/tls.h:
Then maybe use sendfile - Rust and try to replicate the example from documentation you linked or this selftest:
I found this thread by basically searching for the same question. While I don't have an answer for you I just wonder how those two things work together:
OpenSSL supports kTLS: KTLS enable · Issue #14595 · openssl/openssl · GitHub, which says
You don't need to do anything special in your code.
SSL_write will just do the right thing if the above conditions are met. You don't need to call
the native_tls crate uses OpenSSL
So maybe using native_tls it will just work?
This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.