Announcement

Collapse
No announcement yet.

Fedora 38 Looks To Accelerate GnuTLS With Kernel TLS

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Fedora 38 Looks To Accelerate GnuTLS With Kernel TLS

    Phoronix: Fedora 38 Looks To Acceleratoe GnuTLS With Kernel TLS

    With Fedora 37 approaching release at the end of October, more feature changes for Fedora 38 next spring are continuing to be discussed. One of the interesting proposals this week is enabling acceleration of GnuTLS using the kernel TLS (kTLS)...

    Fedora 38 Looks To Accelerate GnuTLS With Kernel TLS - Phoronix
    https://www.phoronix.com/news/Fedora-38-GnuTLS-kTLS
    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
    Tags: None
  • #2
    So which services will benefit from this? I know GnuTLS is a popular library — but there are a lot of different TLS implementations out there, and even more once you step away from the traditional C-based ecosystem.
    • Likes 1

    Comment

    • #3
      "Offloading" work to the kernel is cheating. The term is deceiving as it is not offloading, the processing will be performed by the same processor at the expense of other software.

      Comment

      • #4
        It's common for 100+Gb/s nics to have cryptographic offloads, so in many cases it's running on an accelerator. The kernel is the best piece of software to manage that sort of of acceleration inline with the nic.

        This presentation from Netflix has some more detail into the benefits of kTLS for their workloads (on FreeBSD.)
        https://people.freebsd.org/~gallatin/talks/euro2021.pdf
        • Likes 1

        Comment

        • #5
          Originally posted by zoomblab View Post
          "Offloading" work to the kernel is cheating. The term is deceiving as it is not offloading, the processing will be performed by the same processor at the expense of other software.
          Depends on specific devices, some might have a separate crypt accelerator available, which is a case for many embedded devices. Now, with userspace libraries, the usual problem was, that they were unable to use it -- see for example OpenVPN, who was never able to use any acceleration. Kernel space modules (like ipsec, for example) were much better intergrated.
          • Likes 4

          Comment

          • #6
            Didn't know Linux had KTLS, know it was the killer app of FreeBSD 13.0 and that NetFlix uses itl

            Comment

            • #7
              Originally posted by kylew77 View Post
              Didn't know Linux had KTLS, know it was the killer app of FreeBSD 13.0 and that NetFlix uses itl
              Linux has had it since 2017 or so (4.13 release) and is used widely in large enterprises. It has seen some recent improvements as well. Refer to https://docs.kernel.org/networking/tls.html
              • Likes 4

              Comment

              • #8
                Originally posted by RahulSundaram View Post

                Linux has had it since 2017 or so (4.13 release) and is used widely in large enterprises. It has seen some recent improvements as well. Refer to https://docs.kernel.org/networking/tls.html
                Wow thanks the more you know!
                • Likes 1

                Comment

                • #9
                  Originally posted by kylew77 View Post
                  Didn't know Linux had KTLS, know it was the killer app of FreeBSD 13.0 and that NetFlix uses itl
                  as usual linux had it many years before freebsd

                  Comment

                  Previous template Next
                  Working...
                  X