sanxiyn
September 8, 2022, 8:43pm
1
Linux and FreeBSD have in-kernel implementations of TLS, see Linux's kernel TLS documentation . In-kernel TLS can help with performance, especially with in combination with sendfile, by avoiding copies, see Improving NGINX Performance with Kernel TLS and SSL_sendfile() .
How can I take advantage of kernel TLS with Rust?
I don't think there is any ready to use crate which would let you use kTLS.
However, I think you could try to implement one. You would most likely need to generate bindings to linux/tls.h:
Then maybe use sendfile - Rust and try to replicate the example from documentation you linked or this selftest:
I found this thread by basically searching for the same question. While I don't have an answer for you I just wonder how those two things work together:
OpenSSL supports kTLS: KTLS enable · Issue #14595 · openssl/openssl · GitHub , which says
You don't need to do anything special in your code. SSL_write
will just do the right thing if the above conditions are met. You don't need to call SSL_sendfile
the native_tls crate uses OpenSSL
So maybe using native_tls it will just work?
1 Like
system
Closed
January 10, 2023, 6:00pm
4
This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.