Fedora 38 confirms GnuTLS acceleration with Kernel TLS

Fedora 38 confirms GnuTLS acceleration with Kernel TLS

Fedora 38 confirms GnuTLS acceleration with Kernel TLS.

The Fedora Engineering and Steering Committee (FESCo) approved the proposal to accelerate GnuTLS using Kernel TLS (kTLS) and will be available on Fedora 38 next spring.

To provide higher performance for GnuTLS on Fedora, Fedora 38 wants to load the Kernel TLS (KTLS) module as part of the encryption strategy.

In this way, GnuTLS leverages KTLS to offload encryption/decryption to the kernel, especially in scenarios such as network block devices, which helps reduce data copying and context switching.

Even for systems lacking cryptographic offload hardware, kTLS can improve performance because its work may end up being done on a different CPU core than the application.

This change proposal was led by Red Hat, with a particular focus on delivering higher performance for network block devices.

Red Hat engineers want to accelerate GnuTLS with Kernel TLS, enabling faster live virtual machine migrations, increasing the speed of encrypted network block devices, and other similar use cases.

If there is a problem with KTLS, GnuTLS will fall back to running in the existing user mode.

Check out this Fedora Wiki page for more details on this proposed change.