Netflix has published a TLS implementation patch for the FreeBSD kernel

Netflix has submitted for testing a kernel-level TLS implementation for FreeBSD (KTLS), which makes it possible to speed up the encryption of data sent over TCP. It supports encrypting data transmitted with the TLS 1.0 and TLS 1.2 protocols when that data is sent to a socket using the write, aio_write and sendfile calls.

Kernel-level key exchange is not supported: the connection must first be established and the handshake negotiated in user space. To hand the session key obtained during connection negotiation to the kernel for a given socket, the TCP_TXTLS_ENABLE option has been added; once it is enabled, all data sent to the socket is encrypted into TLS frames using the specified key. To send service messages, for example for renegotiation, the sendmsg function should be used with the TLS_SET_RECORD_TYPE record type.

Two main modes of TLS frame encryption are supported: software and ifnet (using offload in the network card). The mode is selected using the TCP_TXTLS_MODE socket option. The software mode allows different backends to be plugged in for encryption. As an example, the ktls_ocf.ko backend with AES-GCM support, implemented on top of the OpenCrypto framework, has been published. Several sysctls in the kern.ipc.tls.* branch are provided for management. When building the kernel, TLS support is enabled with the KERN_TLS option.
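The two mechanisms described above, enabling transmit-side KTLS on a socket after a user-space handshake and then sending non-application records (alerts, handshake messages) through sendmsg with the record type in ancillary data, look like this from an application's point of view. This is an added example, not code from the Netflix patch or from FreeBSD; it assumes the FreeBSD 13-era API in netinet/tcp.h (struct tls_enable with the fields named below, the TCP_TXTLS_ENABLE and TCP_TXTLS_MODE options, the TLS_MAJOR_VER_ONE and TLS_MINOR_VER_TWO macros and the TCP_TLS_MODE_* values). The record-type helper itself uses only POSIX socket APIs, so it also compiles on systems without KTLS, with a fallback value for TLS_SET_RECORD_TYPE that is assumed to match FreeBSD's header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#ifdef __FreeBSD__
#include <crypto/cryptodev.h>   /* CRYPTO_AES_NIST_GCM_16 for struct tls_enable */
#endif

/* Control-message type for KTLS on FreeBSD (netinet/tcp.h). The fallback is an
 * assumed value so the record-type helper compiles where KTLS headers are
 * absent; on FreeBSD the system header's definition takes precedence. */
#ifndef TLS_SET_RECORD_TYPE
#define TLS_SET_RECORD_TYPE 1
#endif

/* TLS ContentType values (RFC 5246, section 6.2.1). Application data is what
 * plain write()/sendfile() produce once KTLS is enabled; anything else must be
 * labelled explicitly via sendmsg(). */
enum { TLS_RT_ALERT = 21, TLS_RT_HANDSHAKE = 22, TLS_RT_APPLICATION_DATA = 23 };

/* Correctly aligned storage for one control message carrying a record type. */
union ktls_ctrl {
    struct cmsghdr hdr;
    unsigned char buf[CMSG_SPACE(sizeof(uint8_t))];
};

/* Fill buf with the ancillary data that tells a KTLS socket which TLS record
 * type the payload of the next sendmsg() belongs to. Returns the length to put
 * in msg_controllen, or 0 if buf is too small. */
size_t ktls_record_type_cmsg(unsigned char *buf, size_t buflen, uint8_t record_type)
{
    size_t need = CMSG_SPACE(sizeof(record_type));
    if (buflen < need)
        return 0;
    memset(buf, 0, need);
    struct msghdr tmp = { .msg_control = buf, .msg_controllen = need };
    struct cmsghdr *c = CMSG_FIRSTHDR(&tmp);
    c->cmsg_level = IPPROTO_TCP;
    c->cmsg_type = TLS_SET_RECORD_TYPE;
    c->cmsg_len = CMSG_LEN(sizeof(record_type));
    *(uint8_t *)CMSG_DATA(c) = record_type;
    return need;
}

/* Parse a control buffer produced by ktls_record_type_cmsg(); returns the
 * record type, or -1 if the buffer does not hold exactly one such message. */
int ktls_cmsg_record_type(unsigned char *buf, size_t len)
{
    struct msghdr tmp = { .msg_control = buf, .msg_controllen = len };
    struct cmsghdr *c = CMSG_FIRSTHDR(&tmp);
    if (c == NULL || c->cmsg_level != IPPROTO_TCP ||
        c->cmsg_type != TLS_SET_RECORD_TYPE ||
        c->cmsg_len != CMSG_LEN(sizeof(uint8_t)))
        return -1;
    return *(uint8_t *)CMSG_DATA(c);
}

/* Build-then-parse check used by the self-test: returns the type read back. */
int ktls_cmsg_roundtrip(uint8_t record_type)
{
    union ktls_ctrl u;
    size_t n = ktls_record_type_cmsg(u.buf, sizeof u.buf, record_type);
    return n ? ktls_cmsg_record_type(u.buf, n) : -1;
}

/* Send a non-application record (e.g. an alert or a renegotiation handshake
 * message) on a KTLS socket. Plain write() would wrap the bytes as application
 * data, so the record type travels as ancillary data. Returns bytes sent or -1. */
ssize_t ktls_send_record(int fd, uint8_t record_type, const void *payload, size_t len)
{
    union ktls_ctrl u;
    size_t clen = ktls_record_type_cmsg(u.buf, sizeof u.buf, record_type);
    struct iovec iov = { .iov_base = (void *)payload, .iov_len = len };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = clen };
    return sendmsg(fd, &msg, 0);
}

#ifdef __FreeBSD__
/* Hand the negotiated TLS 1.2 AES-GCM transmit key to the kernel. key_len is
 * 16 or 32, iv is the implicit (salt) part of the GCM nonce, and seq is the
 * next record sequence number so the kernel continues the count user space
 * started. After success, write()/sendfile() on fd emit TLS records. */
int ktls_enable_tx_aes_gcm(int fd, const uint8_t *key, int key_len,
                           const uint8_t *iv, int iv_len, uint64_t seq)
{
    struct tls_enable en;
    memset(&en, 0, sizeof en);
    en.cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
    en.cipher_key = key;
    en.cipher_key_len = key_len;
    en.iv = iv;
    en.iv_len = iv_len;
    en.tls_vmajor = TLS_MAJOR_VER_ONE;
    en.tls_vminor = TLS_MINOR_VER_TWO;
    for (int i = 7; i >= 0; i--) { en.rec_seq[i] = (uint8_t)(seq & 0xff); seq >>= 8; }
    return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE, &en, sizeof en);
}

/* Report which path the kernel chose: TCP_TLS_MODE_SW (software backend such
 * as ktls_ocf.ko) or TCP_TLS_MODE_IFNET (NIC offload). Returns -1 on error. */
int ktls_tx_mode(int fd)
{
    int mode;
    socklen_t len = sizeof mode;
    if (getsockopt(fd, IPPROTO_TCP, TCP_TXTLS_MODE, &mode, &len) != 0)
        return -1;
    return mode;
}
#endif
```

The important operational detail is the sequence number: the kernel takes over record numbering where the user-space TLS library stopped, so rec_seq must be the exact next value or the peer will fail authentication on the first kernel-encrypted record. Querying TCP_TXTLS_MODE after enabling is the practical way to confirm whether traffic is actually being offloaded to the NIC or handled by the software backend.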

source: budenet.ru
