#2508 closed enhancement (invalid)
Default enable-ktls in debian 12(bookworm) release package
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-package | Version: | 1.19.x |
| Keywords: | Cc: | ||
| uname -a: | Linux jp 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux | ||
| nginx -V: | Linux jp 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux | ||
Description
For now, debian 11 nginx package has no enable-ktls, since debian 12 has openssl 3.0 and tls.ko, is it a good device to default enable-ktls in debian 12(bookworm) release package?
Change History (3)
follow-up: 2 comment:1 by , 18 months ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
follow-up: 3 comment:2 by , 18 months ago
I mean in here http://nginx.org/packages/mainline/debian/dists/bookworm/, nginx package default configure add: --with-openssl-opt=enable-ktls
Replying to Maxim Dounin:
As long as OpenSSL is compiled with the "enable-ktls" option, nginx will be able to use kernel TLS once enabled in the kernel and in OpenSSL (see 65946a191197 commit log for details). That is, no changes to the nginx package are needed.
comment:3 by , 18 months ago
Replying to xqdoo00o@…:
I mean in here http://nginx.org/packages/mainline/debian/dists/bookworm/, nginx package default configure add: --with-openssl-opt=enable-ktls
Packages are built with system OpenSSL library, so using the --with-openssl-opt configure option will do nothing.
As long as OpenSSL is compiled with the "enable-ktls" option, nginx will be able to use kernel TLS once enabled in the kernel and in OpenSSL (see 65946a191197 commit log for details). That is, no changes to the nginx package are needed.