Comment by aaronmdjones
3 years ago
The Linux kernel only handles the TLS record layer. It's enough to use sendfile(2) on a TLS socket and that's all -- that's why it was added. Userland is still responsible for the TLS session negotiation and handing off the cryptographic keying material and parameters to the kernel; you still need a userland TLS library like OpenSSL.
No comments yet
Contribute on Hacker News ↗