ktls.4 (6c34d8ce11cb73e718fc23d85b6fbfab07ee15b4) | ktls.4 (c5a365623f88999b524d94003187ef09fda55f67) |
---|---|
1.\" Copyright (c) 2020, Chelsio Inc 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions are met: 6.\" 7.\" 1. Redistributions of source code must retain the above copyright notice, 8.\" this list of conditions and the following disclaimer. --- 17 unchanged lines hidden (view full) --- 26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28.\" POSSIBILITY OF SUCH DAMAGE. 29.\" 30.\" * Other names and brands may be claimed as the property of others. 31.\" 32.\" $FreeBSD$ 33.\" | 1.\" Copyright (c) 2020, Chelsio Inc 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions are met: 6.\" 7.\" 1. Redistributions of source code must retain the above copyright notice, 8.\" this list of conditions and the following disclaimer. --- 17 unchanged lines hidden (view full) --- 26.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28.\" POSSIBILITY OF SUCH DAMAGE. 29.\" 30.\" * Other names and brands may be claimed as the property of others. 31.\" 32.\" $FreeBSD$ 33.\" |
34.Dd February 8, 2021 | 34.Dd March 8, 2021 |
35.Dt KTLS 4 36.Os 37.Sh NAME 38.Nm ktls 39.Nd kernel Transport Layer Security 40.Sh SYNOPSIS 41.Cd options KERN_TLS 42.Sh DESCRIPTION --- 6 unchanged lines hidden (view full) --- 49the initial handshake for a socket using TLS is performed in userland. 50Once the session keys are negotiated, 51they are provided to the kernel via the 52.Dv TCP_TXTLS_ENABLE 53and 54.Dv TCP_RXTLS_ENABLE 55socket options. 56Both socket options accept a | 35.Dt KTLS 4 36.Os 37.Sh NAME 38.Nm ktls 39.Nd kernel Transport Layer Security 40.Sh SYNOPSIS 41.Cd options KERN_TLS 42.Sh DESCRIPTION --- 6 unchanged lines hidden (view full) --- 49the initial handshake for a socket using TLS is performed in userland. 50Once the session keys are negotiated, 51they are provided to the kernel via the 52.Dv TCP_TXTLS_ENABLE 53and 54.Dv TCP_RXTLS_ENABLE 55socket options. 56Both socket options accept a |
57.Vt struct tls_so_enable | 57.Vt struct tls_enable |
58structure as their argument. 59The members of this structure describe the cipher suite used for the 60TLS session and provide the session keys used for the respective 61direction. 62.Pp 63.Nm 64only permits the session keys to be set once in each direction. 65As a result, --- 95 unchanged lines hidden (view full) --- 161which includes fields from the TLS record header. 162If an invalid or corrupted TLS record is received, 163.Xr recvmsg 2 164will fail with one of the following errors: 165.Bl -tag -width Er 166.It Bq Er EINVAL 167The version fields in a TLS record's header did not match the version required 168by the | 58structure as their argument. 59The members of this structure describe the cipher suite used for the 60TLS session and provide the session keys used for the respective 61direction. 62.Pp 63.Nm 64only permits the session keys to be set once in each direction. 65As a result, --- 95 unchanged lines hidden (view full) --- 161which includes fields from the TLS record header. 162If an invalid or corrupted TLS record is received, 163.Xr recvmsg 2 164will fail with one of the following errors: 165.Bl -tag -width Er 166.It Bq Er EINVAL 167The version fields in a TLS record's header did not match the version required 168by the |
169.Vt struct tls_so_enable | 169.Vt struct tls_enable |
170structure used to enable in-kernel TLS. 171.It Bq Er EMSGSIZE 172A TLS record's length was either too small or too large. 173.It Bq Er EMSGSIZE 174The connection was closed after sending a truncated TLS record. 175.It Bq Er EBADMSG 176The TLS record failed to match the included authentication tag. 177.El --- 90 unchanged lines hidden --- | 170structure used to enable in-kernel TLS. 171.It Bq Er EMSGSIZE 172A TLS record's length was either too small or too large. 173.It Bq Er EMSGSIZE 174The connection was closed after sending a truncated TLS record. 175.It Bq Er EBADMSG 176The TLS record failed to match the included authentication tag. 177.El --- 90 unchanged lines hidden --- |
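Review bot: the rename from `struct tls_so_enable` to `struct tls_enable` is visible only at lines 57 and 169, while the 95 lines between lines 65 and 161 and the 90 lines after line 177 are collapsed, so confirm that no `.Vt struct tls_so_enable` remains in the hidden text (a search of the whole file for `tls_so_enable` settles it). A leftover occurrence would leave the page naming two different structures as the argument to `TCP_TXTLS_ENABLE` and `TCP_RXTLS_ENABLE`, and the `EINVAL` entry at line 167 depends on the reader finding the right structure to see which TLS version was required. The `.Dd` bump to March 8, 2021 on line 34 is appropriate for a content change.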