mirror of
https://github.com/freebsd/freebsd-src
synced 2024-07-21 10:19:04 +00:00
62ca9fc1ad
It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specifically configured not to. This is problematic because it avoids any crypto implementations from providers. A user who configures all crypto to use the FIPS provider may unexpectedly find that TLS related crypto is actually being performed outside of the FIPS boundary. Instead we change KTLS so that it is disabled by default. We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and SSL_MODE_NO_KTLS_TX). Reviewed by: jkim Obtained from: OpenSSL (a3a54179b6754fbed6d88e434baac710a83aaf80) MFC after: 5 days Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D31440 |
||
---|---|---|
.. | ||
heimdal | ||
openssh | ||
openssl | ||
README |
$FreeBSD$ This directory is for the EXACT same use as src/contrib, except it holds crypto sources. In other words, this holds raw sources obtained from various third party vendors, with FreeBSD patches applied. No compilation is done from this directory, it is all done from the src/secure directory. The separation between src/contrib and src/crypto is the result of an old USA law, which made these sources export controlled, so they had to be kept separate.