1. 10
    1. 2

      Notably, this implementation only implements the encryption part of TLS. The handshake is completed in userspace (usually by OpenSSL), then the user application will hand the encryption off to the kernel, which can then hand it off to a supported NIC with TLS acceleration if there’s one present (e.g. some NVIDIA/Mellanox NICs according to https://docs.nvidia.com/networking/m/view-rendered-page.action?abstractPageId=25155203).

      If you use kTLS, then you’re able to use sendfile with a TLS connection, which can really speed up static file serving (the linked documentation says this is supported, but I think it’s a bigger deal than the docs make it out to be).
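
The hand-off described in the comment above, sketched against the Linux kTLS socket API as an added example (not code from the comment or from any project it mentions). It assumes TLS 1.2 with AES-128-GCM and that the caller has already exported the write key, salt, IV and record sequence number from its userspace handshake library; the `ktls_*` function names are hypothetical.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/sendfile.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <linux/tls.h>

#ifndef TCP_ULP          /* older libc headers may lack these constants */
#define TCP_ULP 31
#endif
#ifndef SOL_TLS
#define SOL_TLS 282
#endif

/* Copy the negotiated write-side secrets into the kernel's descriptor.
 * rec_seq must be the sequence number of the NEXT record to send; if it
 * does not match what userspace already sent, the peer's AEAD check fails. */
void ktls_fill_tx(struct tls12_crypto_info_aes_gcm_128 *ci,
                  const unsigned char *key, const unsigned char *salt,
                  const unsigned char *iv, const unsigned char *rec_seq)
{
    memset(ci, 0, sizeof(*ci));
    ci->info.version = TLS_1_2_VERSION;
    ci->info.cipher_type = TLS_CIPHER_AES_GCM_128;
    memcpy(ci->key, key, TLS_CIPHER_AES_GCM_128_KEY_SIZE);
    memcpy(ci->salt, salt, TLS_CIPHER_AES_GCM_128_SALT_SIZE);
    memcpy(ci->iv, iv, TLS_CIPHER_AES_GCM_128_IV_SIZE);
    memcpy(ci->rec_seq, rec_seq, TLS_CIPHER_AES_GCM_128_REC_SEQ_SIZE);
}

/* Attach the "tls" upper-layer protocol to a connected TCP socket and
 * install the transmit key. Returns 0 on success, -1 (errno set) when the
 * kernel lacks kTLS or rejects the parameters; the caller should then keep
 * encrypting in userspace. Only the send direction is offloaded here. */
int ktls_enable_tx(int sock, const struct tls12_crypto_info_aes_gcm_128 *ci)
{
    if (setsockopt(sock, IPPROTO_TCP, TCP_ULP, "tls", sizeof("tls")) < 0)
        return -1;
    return setsockopt(sock, SOL_TLS, TLS_TX, ci, sizeof(*ci));
}

/* With TLS_TX installed, sendfile() data is framed and encrypted as TLS
 * records by the kernel (or an offload-capable NIC) without a userspace copy. */
ssize_t ktls_send_file(int sock, int file_fd, size_t len)
{
    off_t off = 0;
    return sendfile(sock, file_fd, &off, len);
}
```

After `ktls_enable_tx` succeeds, the application's copy of the key material should be wiped, since the kernel now holds its own copy.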