quininer/ktls

Linux KTLS for Rust

KTLS is a new feature introduced in Linux 4.13 that performs TLS encryption in the kernel. This will allow us to implement performance optimizations that were previously impossible.

Usage

First, we need to make sure that the tls kernel module is enabled:

> sudo modprobe tls
> modinfo tls
...

Then we use rustls to perform the handshake and pass the resulting socket and session to KtlsStream:

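use tokio::net::TcpStream;
use tokio_rustls::TlsConnector;
use tokio_rusktls::KtlsStream;

// ...

// `config` is the rustls client configuration
let connector = TlsConnector::from(config);

TcpStream::connect(&addr)
	// TLS handshake in user space, driven by rustls
	.and_then(|sock| connector.connect(dnsname, sock))
	.and_then(|stream| {
		// Split the finished connection into the raw socket and the TLS session
		let (io, session) = stream.into_inner();
		// Move record encryption into the kernel using the session's keys
		KtlsStream::new(io, &session)
			.map_err(|err| err.error)
	})

// ...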

Please note that ktls currently supports only TLS 1.2 with AES-GCM 128. Other algorithms will return an error.
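The Linux socket interface behind that restriction, as an added example that is not this crate's code: the parameter block for TLS 1.2 with AES-128-GCM and the two setsockopt calls that install it on a connected TCP socket. The names CryptoInfo, crypto_info and enable_ktls_tx are hypothetical, the constants and struct layout follow <linux/tls.h>, and the key material is constructed.

```rust
// Added example (not from the ktls crate); values follow <linux/tls.h>.
use std::{io, mem, os::raw::{c_int, c_void}};

const SOL_TCP: c_int = 6;   const TCP_ULP: c_int = 31; // setsockopt(SOL_TCP, TCP_ULP, "tls")
const SOL_TLS: c_int = 282; const TLS_TX: c_int = 1;   // setsockopt(SOL_TLS, TLS_TX, &info)
const TLS_1_2_VERSION: u16 = 0x0303;
const TLS_CIPHER_AES_GCM_128: u16 = 51;

/// Mirrors `struct tls12_crypto_info_aes_gcm_128` (40 bytes, no padding).
#[repr(C)]
#[derive(Debug)]
pub struct CryptoInfo {
    version: u16,
    cipher_type: u16,
    iv: [u8; 8],      // explicit nonce
    key: [u8; 16],    // AES-128 write key
    salt: [u8; 4],    // implicit nonce (TLS 1.2 write IV)
    rec_seq: [u8; 8], // next record sequence number, big-endian
}

fn bad(msg: &str) -> io::Error { io::Error::new(io::ErrorKind::InvalidInput, msg) }
/// Build the kernel parameters; anything but TLS 1.2 + AES-128-GCM is refused.
pub fn crypto_info(version: u16, key: &[u8], salt: &[u8], iv: [u8; 8], seq: u64) -> io::Result<CryptoInfo> {
    if version != TLS_1_2_VERSION { return Err(bad("only TLS 1.2 is supported")); }
    if key.len() != 16 || salt.len() != 4 { return Err(bad("need 16-byte key, 4-byte salt")); }
    let mut info = CryptoInfo { version, cipher_type: TLS_CIPHER_AES_GCM_128, iv,
                                key: [0; 16], salt: [0; 4], rec_seq: seq.to_be_bytes() };
    info.key.copy_from_slice(key);
    info.salt.copy_from_slice(salt);
    Ok(info)
}

extern "C" { fn setsockopt(fd: c_int, level: c_int, name: c_int, val: *const c_void, len: u32) -> c_int; }
/// Attach the "tls" ULP to a connected TCP socket, then install the TX key.
pub fn enable_ktls_tx(fd: c_int, info: &CryptoInfo) -> io::Result<()> {
    let ulp = b"tls\0";
    // SAFETY: both pointers reference live buffers of the stated length.
    let ok = unsafe {
        setsockopt(fd, SOL_TCP, TCP_ULP, ulp.as_ptr().cast(), ulp.len() as u32) == 0
            && setsockopt(fd, SOL_TLS, TLS_TX, (info as *const CryptoInfo).cast(),
                          mem::size_of::<CryptoInfo>() as u32) == 0
    };
    if ok { Ok(()) } else { Err(io::Error::last_os_error()) }
}

fn main() {
    let info = crypto_info(0x0303, &[0x11; 16], &[0x22; 4], [0; 8], 1).unwrap(); // constructed keys
    println!("{} bytes: {:?}", mem::size_of::<CryptoInfo>(), info);
}
```

If the tls module is not loaded, the first setsockopt call fails and enable_ktls_tx returns the OS error, so a caller can keep encrypting in user space instead.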

License

This project is licensed under the MIT license.

About

[deprecated] Linux Kernel TLS for Rust.
