blob: fa0724fd84b4bff62a47992ff305ff6e9c9796f6 [file] [log] [blame]
Thomas Gleixnerec8f24b2019-05-19 13:07:45 +01001# SPDX-License-Identifier: GPL-2.0-only
Dave Watson3c4d7552017-06-14 11:37:39 -07002#
3# TLS configuration
4#
5config TLS
6 tristate "Transport Layer Security support"
David S. Miller54144b42017-06-16 11:28:49 -04007 depends on INET
Dave Watsond807ec62017-06-17 08:25:13 -07008 select CRYPTO
9 select CRYPTO_AES
10 select CRYPTO_GCM
Dave Watsonc46234e2018-03-22 10:10:35 -070011 select STREAM_PARSER
Daniel Borkmannd829e9c2018-10-13 02:45:59 +020012 select NET_SOCK_MSG
Dave Watsond807ec62017-06-17 08:25:13 -070013 default n
Masahiro Yamadaa7f7f622020-06-14 01:50:22 +090014 help
Dave Watson3c4d7552017-06-14 11:37:39 -070015 Enable kernel support for TLS protocol. This allows symmetric
16 encryption handling of the TLS protocol to be done in-kernel.
17
Dave Watsond807ec62017-06-17 08:25:13 -070018 If unsure, say N.
Ilya Lesokhine8f69792018-04-30 10:16:16 +030019
20config TLS_DEVICE
21 bool "Transport Layer Security HW offload"
22 depends on TLS
23 select SOCK_VALIDATE_XMIT
24 default n
25 help
26 Enable kernel support for HW offload of the TLS protocol.
27
28 If unsure, say N.
Jakub Kicinski53b44142019-10-03 11:18:59 -070029
30config TLS_TOE
31 bool "Transport Layer Security TCP stack bypass"
32 depends on TLS
33 default n
34 help
35 Enable kernel support for legacy HW offload of the TLS protocol,
36 which is incompatible with the Linux networking stack semantics.
37
38 If unsure, say N.