author | Kevin Lin <developer@kevinlin.info> | 2022-04-06 19:39:48 -0700 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2022-07-03 17:56:31 -0700 |
commit | 69e732ab6f9da866867a355fd88ebfa453531344 (patch) | |
tree | 00ee2733ac749023e9df27c47b29144ca67f8ec2 /doc | |
parent | b1171b6b91808421516e8a31732c38928709f906 (diff) | |
download | memcached-69e732ab6f9da866867a355fd88ebfa453531344.tar.gz |
tls: Add switch to opt-in to kernel TLS on OpenSSL 3.0.0+
Diffstat (limited to 'doc')
-rw-r--r-- | doc/tls.txt | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/tls.txt b/doc/tls.txt index e7fe2ca..974be58 100644 --- a/doc/tls.txt +++ b/doc/tls.txt @@ -18,6 +18,12 @@ will use new certificates without a need of re-starting the server process. # Multiple ports with and without TLS : by default all TCP ports are secured. Optionally we can setup the server to secure a specific TCP port. +# Kernel TLS offload (kTLS): when compiled with OpenSSL 3.0.0+ with the `enable-ktls` build-time +option set, and running on Linux with kernel version 4.17+ with `CONFIG_TLS` enabled, memcached can +transparently offload cryptography operations to the kernel. Depending on a variety of factors +(including the workload, NIC support for HW-accelerated cryptography, ciphers in use, etc.), +kTLS may offer improved throughput and/or reduced memcached resource consumption. + Note that initial implementation does not support session renegotiation. Design |
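Review bot: The added kTLS paragraph in doc/tls.txt never names the switch that the commit subject says makes kernel TLS opt-in. As worded ("memcached can transparently offload cryptography operations to the kernel"), it reads as if offload happens automatically once the OpenSSL `enable-ktls` build option and kernel `CONFIG_TLS` prerequisites are met. Suggest stating the option that turns it on and that it is off unless requested. The paragraph should also say what an operator sees when the option is set but a prerequisite is missing (fallback to userspace TLS or a startup error), and how to confirm that offload is actually in effect, since the text itself notes the benefit depends on workload, NIC support and ciphers in use.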