Bug 1216950 - openssl-3 should offer ktls capability but has OPENSSL_NO_KTLS enabled
Summary: openssl-3 should offer ktls capability but has OPENSSL_NO_KTLS enabled
Status: RESOLVED FIXED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security (show other bugs)
Version: Current
Hardware: x86-64 openSUSE Tumbleweed
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Otto Hollmann
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-08 08:23 UTC by Bruno Friedmann
Modified: 2024-05-07 12:53 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bruno Friedmann 2023-11-08 08:23:01 UTC 
I've been trying to benefit of ktls support offered by the kernel (6.5.9-1-default as time reporting), but none of the experimentation to implement ktls failed.

This is due because OpenSSL 3.1.4 24 has OPENSSL_NO_KTLS defined.

Would it be possible to review that parameter, and offer developer and user the same capability that other operating system offer (Fedora for example) ?

Thanks
Comment 1 Bruno Friedmann 2023-11-28 08:50:21 UTC 
Ping any news here ?

We (at Bareos) really would like to have at least a statement for this.
Comment 2 Otto Hollmann 2023-12-05 16:08:34 UTC 
KTLS might be problematic in context of our certification (because avoids any crypto implementations from providers), but since it's disabled by default it should be safe to compile library with KTLS support.

I will submit new version with KTLS support enabled.
Comment 3 Otto Hollmann 2024-05-07 12:53:11 UTC 
I added KTLS support in January but unfortunately forgot to mention it in changelog.

Changelog update:
> https://build.opensuse.org/request/show/1172431

Closing this issue.