* Version 3.8.10 (unreleased)
+** libgnutls: Linux kernel version 6.14 bring a Kernel TLS(kTLS) key update
+ support. The library running on the aforementioned version now utilizes the
+ kernel’s key update mechanism when kTLS is enabled, allowing uninterrupted
+ TLS session. The --enable-ktls configure option as well as the system-wide
+ kTLS configuration(see GnuTLS Documentation) are still required to enable
+ this feature.
+
** libgnutls: liboqs support for PQC has been removed
For maintenance purposes, support for post-quantum cryptography
(PQC) is now only provided through leancrypto. The experimental key
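Review bot: The added NEWS paragraph has wording slips that should be fixed before release: "bring a Kernel TLS(kTLS) key update support" should read "brings Kernel TLS (kTLS) key update support", "allowing uninterrupted TLS session" needs an article or a plural, and "kernel’s" uses a typographic apostrophe where the surrounding lines are plain ASCII. The entry also only describes behaviour on 6.14; one sentence on what the library does with a key update on an older kernel when kTLS is enabled would tell readers whether they are affected.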
cha-library.texi cha-preface.texi cha-programs.texi \
sec-tls-app.texi cha-errors.texi cha-support.texi \
cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \
- cha-tokens.texi cha-crypto.texi cha-auth.texi cha-config.texi
+ cha-tokens.texi cha-crypto.texi cha-auth.texi cha-config.texi \
+ cha-features.texi
AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \
invoke-gnutls-serv.texi invoke-certtool.texi invoke-srptool.texi \
ktls = true
@end example
-@subsection Enabling KTLS
+@node Enabling kTLS
+@subsection Enabling kTLS
When GnuTLS is build with -–enable-ktls configuration, KTLS is disabled by default.
This can be enabled by setting @code{ktls = true} in @code{[global]} section.
+kTLS requires that the system support kTLS @ref{kTLS (Kernel TLS)}.
@node Enabling/Disabling RSAES-PKCS1-v1_5
@section Enabling/Disabling RSAES-PKCS1-v1_5
--- /dev/null
+@node Additional Features
+@appendix Additional Features
+
+@menu
+* kTLS (Kernel TLS)::
+@end menu
+
+@node kTLS (Kernel TLS)
+@section kTLS (Kernel TLS)
+@cindex kTLS (Kernel TLS)
+kTLS (Kernel TLS) is a Linux kernel feature that offloads TLS encryption and decryption operations to the kernel space, improving performance and reducing CPU overhead. It allows applications to leverage zero-copy data transmission, reducing context switches between user space and kernel space.
+
+The following table shows how to enable kTLS support on Linux and FreeBSD systems.
+@float Table,tab:ktls_support
+@multitable @columnfractions .40 .30 .30
+@headitem Description @tab Linux @tab FreeBSD
+@item Load kernel module @tab @code{modprobe tls} @tab @code{kldload tls}
+@item Check if module is loaded @tab @code{lsmod | grep tls} @tab @code{kldstat | grep tls}
+@item kTLS rekey support @tab v6.14 @tab not yet supported
+@end multitable
+@caption{kTLS system enable}
+@end float
+
+To enable ktls in GnuTLS @ref{Enabling kTLS}.
+
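Review bot: The closing line "To enable ktls in GnuTLS @ref{Enabling kTLS}." is not a complete sentence and lowercases "ktls" against the rest of the new file; "To enable kTLS in GnuTLS, see @ref{Enabling kTLS}." fixes both. In the table, the "kTLS rekey support" row gives "v6.14" without saying it is a kernel version, and the caption "kTLS system enable" does not say what the table shows; "Linux 6.14 or later" and a caption such as "Enabling kTLS at the system level" would be self-explanatory.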
* Supported ciphersuites::
* API reference::
* Copying Information::
+* Additional Features::
* Bibliography::
* Function and Data Index::
* Concept Index::
@include cha-copying.texi
+@include cha-features.texi
+
@include cha-bib.texi
@node Function and Data Index
* Supported ciphersuites::
* API reference::
* Copying Information::
+* Additional Features::
* Bibliography::
* Function and Data Index::
* Concept Index::
@include cha-copying.texi
+@include cha-features.texi
+
@include cha-bib.texi
@node Function and Data Index