Linux 6.4 NFS Server Adds RPC-With-TLS Support

Written by Michael Larabel in Linux Storage on 28 April 2023 at 10:18 AM EDT. 9 Comments
After the patches had been in development for well more than a year, sent out today for the Linux 6.4 merge window are the NFS server (NFSD) changes that include supporting RPC-with-TLS.

As noted in today's pull request of NFSD changes for Linux 6.4:
The big ticket item for this release is support for RPC-with-TLS [RFC 9289] has been added to the Linux NFS server. The goal is to provide a simple-to-deploy, low-overhead in-transit confidentiality and peer authentication mechanism. It can supplement NFS Kerberos and it can protect the use of legacy non-cryptographic user authentication flavors such as AUTH_SYS. The TLS Record protocol is handled entirely by kTLS, meaning it can use either software encryption or offload encryption to smart NICs.

The RPC-with-TLS is outlined in IETF's RFC 9289: "Toward Remote Procedure Call Encryption by Default."
This document describes a mechanism that, through the use of opportunistic Transport Layer Security (TLS), enables encryption of Remote Procedure Call (RPC) transactions while they are in transit. The proposed mechanism interoperates with Open Network Computing (ONC) RPC implementations that do not support it.

For more details on all of the NFSD server updates for Linux 6.4, see the pull request.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week