Bug 1216950

Summary: openssl-3 should offer ktls capability but has OPENSSL_NO_KTLS enabled
Product: [openSUSE] openSUSE Tumbleweed Reporter: Bruno Friedmann <bruno>
Component: SecurityAssignee: Otto Hollmann <otto.hollmann>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: meissner, otto.hollmann
Version: Current   
Target Milestone: ---   
Hardware: x86-64   
OS: openSUSE Tumbleweed   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Bruno Friedmann 2023-11-08 08:23:01 UTC 
I've been trying to benefit of ktls support offered by the kernel (6.5.9-1-default as time reporting), but none of the experimentation to implement ktls failed.

This is due because OpenSSL 3.1.4 24 has OPENSSL_NO_KTLS defined.

Would it be possible to review that parameter, and offer developer and user the same capability that other operating system offer (Fedora for example) ?

Thanks
Comment 1 Bruno Friedmann 2023-11-28 08:50:21 UTC 
Ping any news here ?

We (at Bareos) really would like to have at least a statement for this.
Comment 2 Otto Hollmann 2023-12-05 16:08:34 UTC 
KTLS might be problematic in context of our certification (because avoids any crypto implementations from providers), but since it's disabled by default it should be safe to compile library with KTLS support.

I will submit new version with KTLS support enabled.
Comment 3 Otto Hollmann 2024-05-07 12:53:11 UTC 
I added KTLS support in January but unfortunately forgot to mention it in changelog.

Changelog update:
> https://build.opensuse.org/request/show/1172431

Closing this issue.