Netflix has published a kernel-level TLS implementation for FreeBSD

Netflix has proposed for testing a FreeBSD kernel-level implementation of TLS (KTLS), which allows a significant increase in encryption performance for TCP sockets. It supports accelerating the encryption of data that is transmitted using the TLS 1.0 and 1.2 protocols and sent to the socket with the write, aio_write and sendfile functions.

Key exchange at the kernel level is not supported: the connection must first be established and negotiated in user space. To pass the session key obtained during connection negotiation to the kernel, the TCP_TXTLS_ENABLE socket option has been added; once it is set, all data sent to the socket is encapsulated in TLS frames using the specified key. To send control messages, for example for connection negotiation, use the sendmsg function with the TLS_SET_RECORD_TYPE record type.

Two main methods of encrypting TLS frames are supported: software and ifnet (using the hardware acceleration of network cards). The method is selected with the TCP_TXTLS_MODE socket option. The software method allows different encryption backends to be plugged in. For example, the ktls_ocf.ko backend with AES-GCM support, implemented on top of the OpenCrypto framework, has been published. Several sysctls are provided for management under the kern.ipc.tls.* branch. When building the kernel, TLS support is enabled with the KERN_TLS option.
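To make the per-record work concrete, the following added example (not code from Netflix's patch or from FreeBSD) builds the header and the authenticated data of a TLS 1.2 AES-GCM record as defined in RFC 5246 and RFC 5288, and computes how many wire bytes one write becomes. The function names are hypothetical, the 16384-byte chunk size is the protocol maximum and is assumed here rather than taken from the page, and TLS 1.0 framing is not covered.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sizes from the TLS 1.2 and AES-GCM specifications (RFC 5246, RFC 5288). */
#define TLS_MAX_PLAINTEXT 16384 /* protocol maximum per record (assumed chunk size) */
#define TLS_HDR_LEN 5           /* type(1) || version(2) || length(2) */
#define GCM_NONCE_LEN 8         /* explicit nonce sent in every record */
#define GCM_TAG_LEN 16          /* authentication tag */
enum { REC_ALERT = 21, REC_HANDSHAKE = 22, REC_APPDATA = 23 };

/* Fill the 5-byte header of one record; return its size on the wire, 0 if too big. */
static size_t rec_header(uint8_t hdr[TLS_HDR_LEN], uint8_t type, size_t plain_len)
{
    if (plain_len > TLS_MAX_PLAINTEXT)
        return 0;
    size_t body = GCM_NONCE_LEN + plain_len + GCM_TAG_LEN;
    hdr[0] = type; hdr[1] = 3; hdr[2] = 3;          /* 3.3 = TLS 1.2 */
    hdr[3] = (uint8_t)(body >> 8); hdr[4] = (uint8_t)body;
    return TLS_HDR_LEN + body;
}

/* Additional authenticated data: seq(8) || type || version || plaintext length. */
static void rec_aad(uint8_t aad[13], uint64_t seq, uint8_t type, size_t plain_len)
{
    for (int i = 0; i < 8; i++)
        aad[i] = (uint8_t)(seq >> (56 - 8 * i));
    aad[8] = type; aad[9] = 3; aad[10] = 3;
    aad[11] = (uint8_t)(plain_len >> 8); aad[12] = (uint8_t)plain_len;
}

/* Bytes on the wire for one write of len bytes; *nrec receives the record count. */
static size_t wire_len(size_t len, size_t *nrec)
{
    uint8_t hdr[TLS_HDR_LEN];
    size_t total = 0;
    for (*nrec = 0; len > 0; (*nrec)++) {
        size_t chunk = len > TLS_MAX_PLAINTEXT ? TLS_MAX_PLAINTEXT : len;
        total += rec_header(hdr, REC_APPDATA, chunk);
        len -= chunk;
    }
    return total;
}

int main(void)
{
    size_t n, bytes = wire_len(40000, &n); /* constructed sample write size */
    printf("%zu plaintext bytes -> %zu records, %zu wire bytes\n", (size_t)40000, n, bytes);
    return 0;
}
```

The record type byte is the only field that differs between application data and a control message such as an alert, which is why a per-message record type is all that has to be supplied alongside the data.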

Source: opennet.ru
