Opened 12 months ago

Closed 12 months ago

Last modified 12 months ago

#2508 closed enhancement (invalid)

Default enable-ktls in Debian 12 (bookworm) release package

Reported by: xqdoo00o@…
Owned by:
Priority: major
Milestone:
Component: nginx-package
Version: 1.19.x
Keywords:
Cc:
uname -a: Linux jp 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux
nginx -V: Linux jp 6.1.0-9-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.27-1 (2023-05-08) x86_64 GNU/Linux

Description

For now, the Debian 11 nginx package has no enable-ktls. Since Debian 12 has OpenSSL 3.0 and tls.ko, is it a good idea to enable enable-ktls by default in the Debian 12 (bookworm) release package?

Change History (3)

comment:1 by Maxim Dounin, 12 months ago

Resolution: invalid
Status: new → closed

As long as OpenSSL is compiled with the "enable-ktls" option, nginx will be able to use kernel TLS once enabled in the kernel and in OpenSSL (see 65946a191197 commit log for details). That is, no changes to the nginx package are needed.

in reply to:  1 ; comment:2 by xqdoo00o@…, 12 months ago

I mean in here http://nginx.org/packages/mainline/debian/dists/bookworm/, nginx package default configure add: --with-openssl-opt=enable-ktls
Replying to Maxim Dounin:

> As long as OpenSSL is compiled with the "enable-ktls" option, nginx will be able to use kernel TLS once enabled in the kernel and in OpenSSL (see 65946a191197 commit log for details). That is, no changes to the nginx package are needed.

in reply to:  2 comment:3 by Maxim Dounin, 12 months ago

Replying to xqdoo00o@…:

> I mean in here http://nginx.org/packages/mainline/debian/dists/bookworm/, nginx package default configure add: --with-openssl-opt=enable-ktls

Packages are built with system OpenSSL library, so using the --with-openssl-opt configure option will do nothing.
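
A way to check the condition from comment:1 on a running host, as an added example that is not part of the ticket or of nginx: the shell function below reads `/proc/modules` and the kernel's `/proc/net/tls_stat` counters to report whether the `tls` module is loaded and whether any TLS session has actually been handed to the kernel. The function names, status strings and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket). Function name and status strings are
# illustrative; the two /proc paths are standard Linux interfaces.

# ktls_status [MODULES_FILE] [TLS_STAT_FILE]
# Prints one of:
#   tls-module-not-loaded  no tls_stat file and no "tls" entry in modules
#   loaded-no-stats        module listed, but the kernel exposes no counters
#   enabled-unused         kernel side ready, no session ever offloaded
#   active tx=N rx=M       N send-side / M receive-side sessions offloaded
ktls_status() {
    modules=${1:-/proc/modules}
    stat=${2:-/proc/net/tls_stat}

    if [ ! -r "$stat" ]; then
        if grep -q '^tls ' "$modules" 2>/dev/null; then
            echo "loaded-no-stats"
        else
            echo "tls-module-not-loaded"
        fi
        return 0
    fi

    # Sum software and NIC-offloaded sessions opened since the counters began.
    awk '
        $1 == "TlsTxSw" || $1 == "TlsTxDevice" { tx += $2 }
        $1 == "TlsRxSw" || $1 == "TlsRxDevice" { rx += $2 }
        END {
            if (tx + rx == 0) { print "enabled-unused" }
            else { printf "active tx=%d rx=%d\n", tx, rx }
        }' "$stat"
}

# Constructed sample in the tls_stat layout (counter name, whitespace, value).
# Usage: sample_tls_stat TX_SESSIONS RX_SESSIONS
sample_tls_stat() {
    printf 'TlsCurrTxSw\t0\nTlsCurrRxSw\t0\n'
    printf 'TlsTxSw\t%d\nTlsRxSw\t%d\n' "$1" "$2"
    printf 'TlsTxDevice\t0\nTlsRxDevice\t0\nTlsDecryptError\t0\n'
}

# Live check on this host; pass two file paths to inspect saved copies instead.
ktls_status "$@"
```

An `enabled-unused` result on a host where nginx is already serving TLS traffic means the kernel side is ready but kTLS has not been enabled in OpenSSL or in the nginx configuration. The counters are per network namespace, so run the check in the namespace nginx runs in.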
