How to use kernel TLS (kTLS)

Linux and FreeBSD have in-kernel implementations of TLS; see Linux's kernel TLS documentation. In-kernel TLS can help with performance, especially in combination with sendfile, by avoiding copies; see Improving NGINX Performance with Kernel TLS and SSL_sendfile().

How can I take advantage of kernel TLS with Rust?

I don't think there is any ready-to-use crate which would let you use kTLS.

However, I think you could try to implement one. You would most likely need to generate bindings to linux/tls.h:

Then maybe use sendfile - Rust and try to replicate the example from the documentation you linked or this selftest:
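
An added example, not part of the original reply and not the selftest it refers to: a hand-written Rust mirror of the TLS 1.2 AES-128-GCM structure from linux/tls.h, plus the two setsockopt calls the kernel TLS documentation describes. The helper names `crypto_info` and `enable_ktls_tx` are hypothetical, the constants are copied from the Linux UAPI headers, and the all-zero key material is constructed.

```rust
use std::io;
use std::mem::size_of;
use std::os::raw::{c_int, c_void};

// Values copied from the Linux UAPI headers (linux/tls.h, linux/tcp.h, linux/socket.h).
pub const SOL_TCP: c_int = 6;
pub const TCP_ULP: c_int = 31;
pub const SOL_TLS: c_int = 282;
pub const TLS_TX: c_int = 1;
pub const TLS_1_2_VERSION: u16 = 0x0303;
pub const TLS_CIPHER_AES_GCM_128: u16 = 51;

/// Mirrors `struct tls12_crypto_info_aes_gcm_128`, including its embedded `struct tls_crypto_info`.
#[repr(C)]
#[derive(Debug, Clone)]
pub struct Tls12CryptoInfoAesGcm128 {
    pub version: u16,      // tls_crypto_info.version
    pub cipher_type: u16,  // tls_crypto_info.cipher_type
    pub iv: [u8; 8],       // explicit part of the nonce
    pub key: [u8; 16],     // AES-128 write key
    pub salt: [u8; 4],     // implicit part of the nonce
    pub rec_seq: [u8; 8],  // next record sequence number
}

extern "C" {
    fn setsockopt(fd: c_int, level: c_int, name: c_int, val: *const c_void, len: u32) -> c_int;
}

fn set_opt(fd: c_int, level: c_int, name: c_int, val: *const c_void, len: usize) -> io::Result<()> {
    // SAFETY: every caller passes a pointer to `len` readable bytes that outlive the call.
    let rc = unsafe { setsockopt(fd, level, name, val, len as u32) };
    if rc == 0 { Ok(()) } else { Err(io::Error::last_os_error()) }
}

/// Hypothetical helper: fills the struct from secrets the userspace handshake negotiated.
pub fn crypto_info(key: [u8; 16], salt: [u8; 4], iv: [u8; 8], rec_seq: [u8; 8]) -> Tls12CryptoInfoAesGcm128 {
    Tls12CryptoInfoAesGcm128 { version: TLS_1_2_VERSION, cipher_type: TLS_CIPHER_AES_GCM_128, iv, key, salt, rec_seq }
}

/// Hypothetical helper: attaches the "tls" ULP, then installs the transmit key on a connected TCP socket.
pub fn enable_ktls_tx(fd: c_int, info: &Tls12CryptoInfoAesGcm128) -> io::Result<()> {
    let ulp = b"tls\0";
    set_opt(fd, SOL_TCP, TCP_ULP, ulp.as_ptr().cast(), ulp.len())?;
    set_opt(fd, SOL_TLS, TLS_TX, (info as *const Tls12CryptoInfoAesGcm128).cast(), size_of::<Tls12CryptoInfoAesGcm128>())
}

fn main() {
    let info = crypto_info([0; 16], [0; 4], [0; 8], [0; 8]); // constructed zero values, not real keys
    println!("{} bytes; fd -1 is not a socket: {:?}", size_of::<Tls12CryptoInfoAesGcm128>(), enable_ktls_tx(-1, &info));
}
```

The handshake still runs in a userspace TLS library; only the record layer moves into the kernel, so `rec_seq` and the key material must be exactly what that library holds at the moment of handoff.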

I found this thread by basically searching for the same question. While I don't have an answer for you, I just wonder how those two things work together:

  1. OpenSSL supports kTLS: KTLS enable · Issue #14595 · openssl/openssl · GitHub, which says

    You don't need to do anything special in your code. SSL_write will just do the right thing if the above conditions are met. You don't need to call SSL_sendfile

  2. the native_tls crate uses OpenSSL

So maybe using native_tls it will just work?

