tls.rst - OpenGrok cross reference for /linux-6.14.4/Documentation/networking/tls.rst

Lines Matching +full:use +full:- +full:handshake
11 TCP. TLS provides end-to-end data integrity and confidentiality.
17 -------------------------
21 .. code-block:: c
28 handshake is complete, we have all the parameters required to move the
29 data-path to the kernel. There is a separate socket option for moving
32 .. code-block:: c
65 ----------------------------
71 .. code-block:: c
82 .. code-block:: c
94 either the entire send() call will return -ENOMEM (or block waiting
96 -ENOMEM and some data was left on the socket buffer from a previous
100 ------------------------------
106 .. code-block:: c
124 -------------------------
127 messages (record type 21) and handshake messages (record type 22), etc.
132 .. code-block:: c
147         cmsg->cmsg_level = SOL_TLS;
148         cmsg->cmsg_type = TLS_SET_RECORD_TYPE;
149         cmsg->cmsg_len = CMSG_LEN(cmsg_len);
151         msg.msg_controllen = cmsg->cmsg_len;
165 ------------------------------
172 .. code-block:: c
190   if (cmsg->cmsg_level == SOL_TLS &&
191       cmsg->cmsg_type == TLS_GET_RECORD_TYPE) {
204 -------------------
206 In TLS 1.3, KeyUpdate handshake messages signal that the sender is
227 counts KeyUpdate handshake messages that have been received.
230 ---------------------------------------
235 A patchset to OpenSSL to use ktls as the record layer is
238 `An example <https://github.com/ktls/af_ktls-tool/commits/RX>`_
239 of calling send directly after a handshake using gnutls.
244 ----------------------
246 There are certain condition-specific optimizations the TLS ULP can make,
248 or may impact correctness, hence they require an opt-in.
249 All options are set per-socket using setsockopt(), and their
256 to the NIC without making an in-kernel copy. This allows true zero-copy
261 applicable if the data sent on a socket via sendfile() is read-only.
284 TLS implementation exposes the following per-namespace statistics
287 - ``TlsCurrTxSw``, ``TlsCurrRxSw`` -
291 - ``TlsCurrTxDevice``, ``TlsCurrRxDevice`` -
295 - ``TlsTxSw``, ``TlsRxSw`` -
298 - ``TlsTxDevice``, ``TlsRxDevice`` -
301 - ``TlsDecryptError`` -
304 - ``TlsDeviceRxResync`` -
307 - ``TlsDecryptRetry`` -
308   number of RX records which had to be re-decrypted due to
309   ``TLS_RX_EXPECT_NO_PAD`` mis-prediction. Note that this counter will
310   also increment for non-data records.
312 - ``TlsRxNoPadViolation`` -
313   number of data RX records which had to be re-decrypted due to
314   ``TLS_RX_EXPECT_NO_PAD`` mis-prediction.
316 - ``TlsTxRekeyOk``, ``TlsRxRekeyOk`` -
319 - ``TlsTxRekeyError``, ``TlsRxRekeyError`` -
322 - ``TlsRxRekeyReceived`` -
323   number of received KeyUpdate handshake messages, requiring userspace