Fedora 38 Looks To Accelerate GnuTLS With Kernel TLS

Written by Michael Larabel in Fedora on 8 September 2022 at 04:52 AM EDT. 10 Comments
With Fedora 37 approaching release at the end of October, more feature changes for Fedora 38 next spring are continuing to be discussed. One of the interesting proposals this week is enabling acceleration of GnuTLS using the kernel TLS (kTLS).

Fedora 38 is looking to have kTLS for the kernel TLS module loaded as part of the crypto policies so that GnuTLS can enjoy greater performance. A particular focus for this Red Hat led change proposal is on providing greater performance for network block devices.

GnuTLS will make use of kTLS for offloading encryption/decryption to the kernel. The kTLS usage can be particularly beneficial for network block devices in reducing data copies and context switching with the crypto work happening within the kernel. Even for systems lacking crypto offloading hardware, kTLS can yield performance speed-ups with the work possibly ending up on a separate CPU core(s) from the application.

Among the viewed benefits of this proposed Fedora 38 is faster live VM migrations and increased speed when dealing with files on network block devices via encrypted channels. This kTLS usage by GnuTLS would be enabled by default but fallback to existing user-mode operation in case of problems.

More details on this proposed change for Fedora 38 via this Fedora Wiki page.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week