You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The scope of this ticket is to add support/usage of the SSL_sendfile function, available in OpenSSL 3.x, to the mod_tls module.
The SSL_sendfile function makes use of TLS support in the kernel (where available), to increase performance by avoiding the copying of memory buffers from userland to kernel space. This is mostly beneficial for FTPS downloads; it does not benefit FTPS uploads or directory listings.
From looking through the OpenSSL 3.x source code, it looks like they try to use KTLS automatically, where possible. If that is true, then what changes need to happen, if at all, in mod_tls? The answer is that we can be more efficient, for TLS downloads, in mod_xfer. In that module, there is already a code path for using sendfile(2), to send the entire file, when possible. And right now, mod_xfer falls back to send the data, chunk by chunk, for TLS downloads. It would be more efficient if mod_xfer knew that it could send the entire file, for TLS downloads, at once rather than chunk by chunk.
In addition, we may need to set the SSL_OP_ENABLE_KTLS option; see SSL_CTX_set_options.
The text was updated successfully, but these errors were encountered:
The scope of this ticket is to add support/usage of the
SSL_sendfilefunction, available in OpenSSL 3.x, to themod_tlsmodule.The
SSL_sendfilefunction makes use of TLS support in the kernel (where available), to increase performance by avoiding the copying of memory buffers from userland to kernel space. This is mostly beneficial for FTPS downloads; it does not benefit FTPS uploads or directory listings.See:
From looking through the OpenSSL 3.x source code, it looks like they try to use KTLS automatically, where possible. If that is true, then what changes need to happen, if at all, in
mod_tls? The answer is that we can be more efficient, for TLS downloads, inmod_xfer. In that module, there is already a code path for usingsendfile(2), to send the entire file, when possible. And right now,mod_xferfalls back to send the data, chunk by chunk, for TLS downloads. It would be more efficient ifmod_xferknew that it could send the entire file, for TLS downloads, at once rather than chunk by chunk.In addition, we may need to set the
SSL_OP_ENABLE_KTLSoption; seeSSL_CTX_set_options.The text was updated successfully, but these errors were encountered: