ktls.py provides serveral tests and scripts to play linux kernel TLS in cpython. The idea was inspired from PLAYING WITH KERNEL TLS IN LINUX 4.13 AND GO.
- Linux kernel 4.13 or above (option CONFIG_TLS=y or CONFIG_TLS=m)
- openssl 1.0.x
- The ktls patch of cpython
# install cpython
$ git clone -b v3.6.3-ktls-patch https://github.com/crazyguitar/cpython
$ cd cpython
$ ./configure --prefix=/usr --enable-optimizations
$ make -j 9 && sudo make altinstall
# if CONFIG_TLS=m, run the following commands to check that tls.ko has been inserted.
$ lsmod | grep tls
$ modprobe tls
# run the https server with supporting ktls
$ git clone https://github.com/crazyguitar/ktls.py.git
$ cd ktls.py
$ python3.6 https.py &
$ wget -qO- https://localhost:4433 --no-check-certificate$ vagrant init crazyguitar/xenial64 --box-version 20171205.0.0
$ vagrant up
$ vagrant ssh
vagrant@vagrant:~$ git clone https://github.com/crazyguitar/ktls.py.git
vagrant@vagrant:~$ cd ktls.py
vagrant@vagrant:~/ktls.py$ python3.6 https.py &
[2] 7866
vagrant@vagrant:~/ktls.py$ wget -qO- https://localhost:4433 --no-check-certificate
# insert tls kernel module if tls is built as module
$ sudo modprobe tls
# checking tls kernel module has been inserted
$ $ lsmod | grep tls
tls 20480 0
# run lint
$ make lint
# run tests
$ make test
# run all tests and lint
$ make
- KTLS: Linux Kernel Transport Layer Security
- brno university of technology linux vpn performance and optimization
- Improving High-Bandwidth TLS in the FreeBSD kernel
- Optimizing TLS for High-Bandwidth Applications in FreeBSD
- TLS in the kernel
- djwatson/ktls
- ktls/af_ktls-tool
- torvalds/linux
- Playing with kernel TLS in Linux 4.13 and Go