KTLS: Enable KERN_TLS in GENERIC on amd64

Based on discussions on freebsd-arch@, enable KERN_TLS in GENERIC on amd64, but leave it disabled via the sysctl kern.ipc.tls.enable. Users wishing to enable ktls must set kern.ipc.tls.enable=1 While here, fix wording in NOTES to mention that KERN_TLS also does receive now. Sponsored by: Netflix Reviewed by: allanjude Differential Revision: https://reviews.freebsd.org/D28163
2021-01-14 12:44:06 -05:00 · 2021-01-14 12:44:06 -05:00 · efa9c21bca
commit efa9c21bca
parent c3e75b6c1a
2 changed files with 3 additions and 2 deletions
--- a/sys/amd64/conf/GENERIC
+++ b/sys/amd64/conf/GENERIC
@ -37,6 +37,7 @@ options 	TCP_BLACKBOX		# Enhanced TCP event logging
 options 	TCP_HHOOK		# hhook(9) framework for TCP
 options		TCP_RFC7413		# TCP Fast Open
 options 	SCTP_SUPPORT		# Allow kldload of SCTP
+options		KERN_TLS		# TLS transmit & receive offload
 options 	FFS			# Berkeley Fast Filesystem
 options 	SOFTUPDATES		# Enable FFS soft updates support
 options 	UFS_ACL			# Support for access control lists
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@ -666,8 +666,8 @@ options		IPSEC_SUPPORT
 #options 	IPSEC_DEBUG		#debug for IP security


-# TLS framing and encryption of data transmitted over TCP sockets.
-options		KERN_TLS		# TLS transmit offload
+# TLS framing and encryption/decryption of data over TCP sockets.
+options		KERN_TLS		# TLS transmit and receive offload

 #
 # SMB/CIFS requester