Fedora 38 Cleared To Accelerate GnuTLS With Kernel TLS
In aiming to provide greater performance for GnuTLS on Fedora Linux systems, Fedora 38 is aiming to have the Kernel TLS (KTLS) module loaded as part of the crypto policies. GnuTLS will make use of KTLS for offloading encryption/decryption to the kernel and should help especially in cases like network block devices in reducing data copies and context switching. Even for systems lacking crypto offloading hardware, KTLS can yield performance speed-ups with the work possibly ending up on a separate CPU core(s) from the application thread(s).
Red Hat engineers hope that accelerating GnuTLS with Kernel TLS will lead to faster live VM migrations, increased speed for encrypted network block devices, and similar use-cases. In the event of KTLS problems, GnuTLS will fall-back to existing user-mode operation. The Fedora Wiki outlines the changes while the news this week is that the Fedora Engineering and Steering Committee (FESCo) has accepted this change for F38, which is due out next spring.