diff options
authorAndrew Gallatin <gallatin@FreeBSD.org>2021-01-14 17:44:06 +0000
committerAndrew Gallatin <gallatin@FreeBSD.org>2021-01-18 18:29:10 +0000
commitefa9c21bca9873af9c9660f5aeffda9d5ae1dfb7 (patch)
parentc3e75b6c1a02d36b9b6c62511725ab5d3d94fdb0 (diff)
KTLS: Enable KERN_TLS in GENERIC on amd64
Based on discussions on freebsd-arch@, enable KERN_TLS in GENERIC on amd64, but leave it disabled via the sysctl kern.ipc.tls.enable. Users wishing to enable ktls must set kern.ipc.tls.enable=1 While here, fix wording in NOTES to mention that KERN_TLS also does receive now. Sponsored by: Netflix Reviewed by: allanjude Differential Revision: https://reviews.freebsd.org/D28163
2 files changed, 3 insertions, 2 deletions
diff --git a/sys/amd64/conf/GENERIC b/sys/amd64/conf/GENERIC
index c9ab23bb91b5..9f55a935f8a5 100644
--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@@ -37,6 +37,7 @@ options TCP_BLACKBOX # Enhanced TCP event logging
options TCP_HHOOK # hhook(9) framework for TCP
options TCP_RFC7413 # TCP Fast Open
options SCTP_SUPPORT # Allow kldload of SCTP
+options KERN_TLS # TLS transmit & receive offload
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index 1a8059a2e5c0..b4202bb65618 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -666,8 +666,8 @@ options IPSEC_SUPPORT
#options IPSEC_DEBUG #debug for IP security
-# TLS framing and encryption of data transmitted over TCP sockets.
-options KERN_TLS # TLS transmit offload
+# TLS framing and encryption/decryption of data over TCP sockets.
+options KERN_TLS # TLS transmit and receive offload
# SMB/CIFS requester