1ec8f24b7SThomas Gleixner# SPDX-License-Identifier: GPL-2.0-only 23c4d7559SDave Watson# 33c4d7559SDave Watson# TLS configuration 43c4d7559SDave Watson# 53c4d7559SDave Watsonconfig TLS 63c4d7559SDave Watson tristate "Transport Layer Security support" 754144b48SDavid S. Miller depends on INET 8d807ec65SDave Watson select CRYPTO 9d807ec65SDave Watson select CRYPTO_AES 10d807ec65SDave Watson select CRYPTO_GCM 11d829e9c4SDaniel Borkmann select NET_SOCK_MSG 12d807ec65SDave Watson default n 13a7f7f624SMasahiro Yamada help 143c4d7559SDave Watson Enable kernel support for TLS protocol. This allows symmetric 153c4d7559SDave Watson encryption handling of the TLS protocol to be done in-kernel. 163c4d7559SDave Watson 17d807ec65SDave Watson If unsure, say N. 18e8f69799SIlya Lesokhin 19e8f69799SIlya Lesokhinconfig TLS_DEVICE 20e8f69799SIlya Lesokhin bool "Transport Layer Security HW offload" 21e8f69799SIlya Lesokhin depends on TLS 22*9f06f87fSJakub Kicinski select SKB_DECRYPTED 23e8f69799SIlya Lesokhin select SOCK_VALIDATE_XMIT 2476f16593STariq Toukan select SOCK_RX_QUEUE_MAPPING 25e8f69799SIlya Lesokhin default n 26e8f69799SIlya Lesokhin help 27e8f69799SIlya Lesokhin Enable kernel support for HW offload of the TLS protocol. 28e8f69799SIlya Lesokhin 29e8f69799SIlya Lesokhin If unsure, say N. 3053b4414aSJakub Kicinski 3153b4414aSJakub Kicinskiconfig TLS_TOE 3253b4414aSJakub Kicinski bool "Transport Layer Security TCP stack bypass" 3353b4414aSJakub Kicinski depends on TLS 3453b4414aSJakub Kicinski default n 3553b4414aSJakub Kicinski help 3653b4414aSJakub Kicinski Enable kernel support for legacy HW offload of the TLS protocol, 3753b4414aSJakub Kicinski which is incompatible with the Linux networking stack semantics. 3853b4414aSJakub Kicinski 3953b4414aSJakub Kicinski If unsure, say N. 40