OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
OPT_ENABLE_PHA,
OPT_SCTP_LABEL_BUG,
+ OPT_KTLS,
OPT_R_ENUM, OPT_PROV_ENUM
} OPTION_CHOICE;
{"srp_strength", OPT_SRP_STRENGTH, 'p',
"(deprecated) Minimal length in bits for N"},
#endif
+#ifndef OPENSSL_NO_KTLS
+ {"ktls", OPT_KTLS, '-', "Enable Kernel TLS for sending and receiving"},
+#endif
OPT_R_OPTIONS,
OPT_S_OPTIONS,
int sctp_label_bug = 0;
#endif
int ignore_unexpected_eof = 0;
+#ifndef OPENSSL_NO_KTLS
+ int enable_ktls = 0;
+#endif
FD_ZERO(&readfds);
FD_ZERO(&writefds);
case OPT_ENABLE_PHA:
enable_pha = 1;
break;
+ case OPT_KTLS:
+#ifndef OPENSSL_NO_KTLS
+ enable_ktls = 1;
+#endif
+ break;
}
}
if (ignore_unexpected_eof)
SSL_CTX_set_options(ctx, SSL_OP_IGNORE_UNEXPECTED_EOF);
+#ifndef OPENSSL_NO_KTLS
+ if (enable_ktls)
+ SSL_CTX_set_options(ctx, SSL_OP_ENABLE_KTLS);
+#endif
if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
BIO_printf(bio_err, "Error setting verify params\n");
[B<-srp_lateuser>]
[B<-srp_moregroups>]
[B<-srp_strength> I<number>]
+[B<-ktls>]
{- $OpenSSL::safe::opt_name_synopsis -}
{- $OpenSSL::safe::opt_version_synopsis -}
{- $OpenSSL::safe::opt_x_synopsis -}
Set the minimal acceptable length, in bits, for B<N>. This option is
deprecated.
+=item B<-ktls>
+
+Enable Kernel TLS for sending and receiving.
+This option was introduced in OpenSSL 3.1.0.
+Kernel TLS is off by default as of OpenSSL 3.1.0.
+
{- $OpenSSL::safe::opt_version_item -}
{- $OpenSSL::safe::opt_name_item -}