diff options
| author | Tan Zien | 2025-12-28 00:08:33 +0000 |
|---|---|---|
| committer | Hauke Mehrtens | 2026-01-02 23:30:27 +0000 |
| commit | 34836dffb1a06f84a0112982c2a88b2e5e212e87 (patch) | |
| tree | 64b15c57c1e088c7914091fb61390a4932349012 | |
| parent | f49b452cc021a8f7e0145604ff1d88e8c14285dd (diff) | |
| download | openwrt-34836dffb1a06f84a0112982c2a88b2e5e212e87.tar.gz | |
openssl: add kTLS support option
This commit add option to enable kTLS support, improving
performance by offloading TLS encryption and decryption to
kernel space.
- Reduced CPU usage by minimizing data copying between user space
and kernel space.
- Enables the use of the sendfile() system call with encrypted
sockets for zero-copy data transmission.
- Leverages hardware-accelerated NIC that support TLS offloading.
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21306
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| -rw-r--r-- | package/libs/openssl/Config.in | 8 | ||||
| -rw-r--r-- | package/libs/openssl/Makefile | 7 |
2 files changed, 14 insertions, 1 deletions
diff --git a/package/libs/openssl/Config.in b/package/libs/openssl/Config.in index 871080a4cb..ad2396df0b 100644 --- a/package/libs/openssl/Config.in +++ b/package/libs/openssl/Config.in @@ -26,6 +26,14 @@ config OPENSSL_SMALL_FOOTPRINT Chacha20-Poly1305 is 15% slower. X86_64 drops 1% of its size for 3% of performance. Other arches have not been tested. +config OPENSSL_KTLS + bool + prompt "Enable kTLS support" + select PACKAGE_kmod-tls + help + This will enable kTLS support, allowing data encryption + operations to be performed in kernel space. + config OPENSSL_WITH_ASM bool default y diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index fc80373a07..a50d5e0392 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_VERSION:=3.5.4 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto PKG_BUILD_PARALLEL:=1 @@ -37,6 +37,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_OPENSSL_OPTIMIZE_SPEED \ CONFIG_OPENSSL_PREFER_CHACHA_OVER_GCM \ CONFIG_OPENSSL_SMALL_FOOTPRINT \ + CONFIG_OPENSSL_KTLS \ CONFIG_OPENSSL_WITH_ARIA \ CONFIG_OPENSSL_WITH_ASM \ CONFIG_OPENSSL_WITH_ASYNC \ @@ -293,6 +294,10 @@ ifeq ($(CONFIG_OPENSSL_SMALL_FOOTPRINT),y) OPENSSL_OPTIONS += -DOPENSSL_SMALL_FOOTPRINT endif +ifdef CONFIG_OPENSSL_KTLS + OPENSSL_OPTIONS += enable-ktls +endif + ifdef CONFIG_OPENSSL_ENGINE ifdef CONFIG_OPENSSL_ENGINE_BUILTIN OPENSSL_OPTIONS += disable-dynamic-engine |