Comments (3)
kTLS doesn't still handle in-kernel handshakes, although work is being carried out by TempestaFW, therefore an user-space library is required to handle the initial handshaking before enabling the TLS TX/RX to the kernel an, if available, to the underlying hardware accelerator.
The kTLS has a pretty limited support for the cyphersuites but the supported ones really cover the most used and secure ones, so for know it's fine to rely on these although in the future additional support can be handled in userspace.
Currently cachegrand requires openssl but only for the bigintegers implementation, not for the encryption, both mbedtls and openssl should be compared to investigate which is the best option.
from cachegrand.
Altghough OpenSSL has a simpler interface, it doesn't really support and the interface is a bit less flexible than mbedtls.
Also for mbedtls I have found this article
https://tia.mat.br/posts/2022/03/23/implementing-tls-in-lwan.html
It covers the usage of coroutines, which are similar to fibers, uses custom recv/send and enables kTLS and therefore it's a perfect reference.
I have also found this wrapper around ktls / mbed that automatically enables kTLS for the sockets using mbed
https://github.com/zliuva/ktlswrapper/blob/master/ktlswrapper.c
from cachegrand.
With mbed going to be used for TLS makes sense to drop OpenSSL entirely and use the BigNum implementation from mbedtls
from cachegrand.
Related Issues (20)
- Implement redis sorted sets commands
- Implement types support in the storage db
- Implement keyspace related commands
- Distributed transactions - clarification needed HOT 11
- Update the hashtable documentation
- Implement redis-compatible (RDB) snapshotting support
- Investigate liblzf segfaults HOT 2
- Implement the SAVE and BGSAVE Redis commands HOT 1
- The SHUTDOWN command needs to be updated to support the SAVE parameter HOT 1
- The shutdown logic needs to be updated to trigger a dump at the shutdown unless the SHUTDOWN NOSAVE command has been issued
- Tests for the high level snapshotting process (implemented in storage_db_snapshot.c mostly)
- Implement a buffering mechanism for the storage backend as implemented for the network backend.
- Fix code scanning alert - Missing return statement
- Prometheus endpoint Segfaults HOT 2
- Add support for io_uring queues cancellation HOT 1
- Implement cluster mode
- Implement multiple database instances support
- Implement the SELECT command
- Implement transactions related commands
- Evaluate Profile-Guided Optimization (PGO) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cachegrand.