author Kevin Lin <developer@kevinlin.info> 2022-04-06 19:39:48 -0700
committer dormando <dormando@rydia.net> 2022-07-03 17:56:31 -0700
commit 69e732ab6f9da866867a355fd88ebfa453531344 (patch)
tree 00ee2733ac749023e9df27c47b29144ca67f8ec2 /doc
parent b1171b6b91808421516e8a31732c38928709f906 (diff)
tls: Add switch to opt-in to kernel TLS on OpenSSL 3.0.0+
Diffstat (limited to 'doc')
-rw-r--r-- doc/tls.txt 6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/tls.txt b/doc/tls.txt
index e7fe2ca..974be58 100644
--- a/doc/tls.txt
+++ b/doc/tls.txt
@@ -18,6 +18,12 @@ will use new certificates without a need of re-starting the server process.
# Multiple ports with and without TLS : by default all TCP ports are secured. Optionally we can setup
the server to secure a specific TCP port.
+# Kernel TLS offload (kTLS): when compiled with OpenSSL 3.0.0+ with the `enable-ktls` build-time
+option set, and running on Linux with kernel version 4.17+ with `CONFIG_TLS` enabled, memcached can
+transparently offload cryptography operations to the kernel. Depending on a variety of factors
+(including the workload, NIC support for HW-accelerated cryptography, ciphers in use, etc.),
+kTLS may offer improved throughput and/or reduced memcached resource consumption.
+
Note that initial implementation does not support session renegotiation.
Design
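Review bot: the new kTLS paragraph in doc/tls.txt never states that the feature is opt-in or names the switch that turns it on, although the commit subject describes exactly that. "can transparently offload cryptography operations to the kernel" reads as if offload happens automatically once the OpenSSL `enable-ktls` build option and the `CONFIG_TLS` kernel requirement are met. Suggest adding a sentence that names the option, says kTLS is disabled unless it is set, and describes what happens when the option is set but the build or kernel prerequisites are missing (silent fallback to userspace TLS, or a startup error). It would also help operators if the paragraph said how to confirm that offload is actually in effect for a connection, since "depending on a variety of factors" leaves no way to tell whether the setting had any result.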