diff options
| author | Kevin Lin <developer@kevinlin.info> | 2022-04-06 19:39:48 -0700 |
|---|---|---|
| committer | dormando <dormando@rydia.net> | 2022-07-03 17:56:31 -0700 |
| commit | 69e732ab6f9da866867a355fd88ebfa453531344 (patch) | |
| tree | 00ee2733ac749023e9df27c47b29144ca67f8ec2 /memcached.c | |
| parent | b1171b6b91808421516e8a31732c38928709f906 (diff) | |
| download | memcached-69e732ab6f9da866867a355fd88ebfa453531344.tar.gz | |
tls: Add switch to opt-in to kernel TLS on OpenSSL 3.0.0+
Diffstat (limited to 'memcached.c')
| -rw-r--r-- | memcached.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/memcached.c b/memcached.c index 6623dec..41518d2 100644 --- a/memcached.c +++ b/memcached.c @@ -233,6 +233,7 @@ static void settings_init(void) { settings.ssl_last_cert_refresh_time = current_time; settings.ssl_wbuf_size = 16 * 1024; // default is 16KB (SSL max frame size is 17KB) settings.ssl_session_cache = false; + settings.ssl_kernel_tls = false; settings.ssl_min_version = TLS1_2_VERSION; #endif /* By default this string should be NULL for getaddrinfo() */ @@ -1976,6 +1977,7 @@ void process_stat_settings(ADD_STAT add_stats, void *c) { APPEND_STAT("ssl_ca_cert", "%s", settings.ssl_ca_cert ? settings.ssl_ca_cert : "NULL"); APPEND_STAT("ssl_wbuf_size", "%u", settings.ssl_wbuf_size); APPEND_STAT("ssl_session_cache", "%s", settings.ssl_session_cache ? "yes" : "no"); + APPEND_STAT("ssl_kernel_tls", "%s", settings.ssl_kernel_tls ? "yes" : "no"); APPEND_STAT("ssl_min_version", "%s", ssl_proto_text(settings.ssl_min_version)); #endif #ifdef PROXY @@ -4069,6 +4071,7 @@ static void usage(void) { " (default: %u)\n", settings.ssl_wbuf_size / (1 << 10)); printf(" - ssl_session_cache: enable server-side SSL session cache, to support session\n" " resumption\n" + " - ssl_kernel_tls: enable kernel TLS offload\n" " - ssl_min_version: minimum protocol version to accept (default: %s)\n" #if defined(TLS1_3_VERSION) " valid values are 0(%s), 1(%s), 2(%s), or 3(%s).\n", @@ -4743,6 +4746,7 @@ int main (int argc, char **argv) { SSL_CA_CERT, SSL_WBUF_SIZE, SSL_SESSION_CACHE, + SSL_KERNEL_TLS, SSL_MIN_VERSION, #endif #ifdef PROXY @@ -4802,6 +4806,7 @@ int main (int argc, char **argv) { [SSL_CA_CERT] = "ssl_ca_cert", [SSL_WBUF_SIZE] = "ssl_wbuf_size", [SSL_SESSION_CACHE] = "ssl_session_cache", + [SSL_KERNEL_TLS] = "ssl_kernel_tls", [SSL_MIN_VERSION] = "ssl_min_version", #endif #ifdef PROXY @@ -5483,6 +5488,9 @@ int main (int argc, char **argv) { case SSL_SESSION_CACHE: settings.ssl_session_cache = true; break; + case SSL_KERNEL_TLS: + settings.ssl_kernel_tls = true; + break; case SSL_MIN_VERSION: { int min_version; if (subopts_value == NULL) { |