Note: This repository is no longer maintained. This kernel module—particularly its TLS part (not DTLS)—has been merged into the Linux mainline and is available since Linux 4.13 as Kernel TLS socket.
This kernel module introduces an AF_KTLS socket. AF_KTLS socket can
be used to transmit data over TLS 1.2 using TCP or DTLS 1.2 using UDP.
Currently, there is supported only AES GCM cipher.
The socket does data transmission, the handshake, re-handshaking and other
control messages have to be served by user space using appropriate libs such as
OpenSSL or Gnu TLS. AF_KTLS socket appears to be faster especially for
transmitting files without user space (buffered-copy) interaction (using
sendfile(2) or splice(2)).
The socket uses RFC5288 proposed on Linux crypto mailing list by Dave Watson from Facebook. The latest patches for rfc5288 are included in this repo. If you want to look at benchmarking scenarios or test your use case speed impact, visit AF_KTLS tool.
See issues for awaiting enhancements or bugs.
See also AF_KTLS tool, AF_KTLS visualize.
Feb 5th 2017, Brussels, Belgium: FOSDEM
Jan 21nd 2017, Brno, Czech republic: Devconf.cz
Oct 5th 2016, Tokyo, Japan: Netdev 1.2