Fedora 38 Looks To Accelerate GnuTLS With Kernel TLS
Fedora 38 is looking to have kTLS for the kernel TLS module loaded as part of the crypto policies so that GnuTLS can enjoy greater performance. A particular focus for this Red Hat led change proposal is on providing greater performance for network block devices.
GnuTLS will make use of kTLS for offloading encryption/decryption to the kernel. The kTLS usage can be particularly beneficial for network block devices in reducing data copies and context switching with the crypto work happening within the kernel. Even for systems lacking crypto offloading hardware, kTLS can yield performance speed-ups with the work possibly ending up on a separate CPU core(s) from the application.
Among the viewed benefits of this proposed Fedora 38 is faster live VM migrations and increased speed when dealing with files on network block devices via encrypted channels. This kTLS usage by GnuTLS would be enabled by default but fallback to existing user-mode operation in case of problems.
More details on this proposed change for Fedora 38 via this Fedora Wiki page.