Thomas Gleixner | ec8f24b | 2019-05-19 13:07:45 +0100 | [diff] [blame] | 1 | # SPDX-License-Identifier: GPL-2.0-only |
Dave Watson | 3c4d755 | 2017-06-14 11:37:39 -0700 | [diff] [blame] | 2 | # |
| 3 | # TLS configuration |
| 4 | # |
| 5 | config TLS |
| 6 | tristate "Transport Layer Security support" |
David S. Miller | 54144b4 | 2017-06-16 11:28:49 -0400 | [diff] [blame] | 7 | depends on INET |
Dave Watson | d807ec6 | 2017-06-17 08:25:13 -0700 | [diff] [blame] | 8 | select CRYPTO |
| 9 | select CRYPTO_AES |
| 10 | select CRYPTO_GCM |
Dave Watson | c46234e | 2018-03-22 10:10:35 -0700 | [diff] [blame] | 11 | select STREAM_PARSER |
Daniel Borkmann | d829e9c | 2018-10-13 02:45:59 +0200 | [diff] [blame] | 12 | select NET_SOCK_MSG |
Dave Watson | d807ec6 | 2017-06-17 08:25:13 -0700 | [diff] [blame] | 13 | default n |
Masahiro Yamada | a7f7f62 | 2020-06-14 01:50:22 +0900 | [diff] [blame] | 14 | help |
Dave Watson | 3c4d755 | 2017-06-14 11:37:39 -0700 | [diff] [blame] | 15 | Enable kernel support for TLS protocol. This allows symmetric |
| 16 | encryption handling of the TLS protocol to be done in-kernel. |
| 17 | |
Dave Watson | d807ec6 | 2017-06-17 08:25:13 -0700 | [diff] [blame] | 18 | If unsure, say N. |
Ilya Lesokhin | e8f6979 | 2018-04-30 10:16:16 +0300 | [diff] [blame] | 19 | |
| 20 | config TLS_DEVICE |
| 21 | bool "Transport Layer Security HW offload" |
| 22 | depends on TLS |
| 23 | select SOCK_VALIDATE_XMIT |
| 24 | default n |
| 25 | help |
| 26 | Enable kernel support for HW offload of the TLS protocol. |
| 27 | |
| 28 | If unsure, say N. |
Jakub Kicinski | 53b4414 | 2019-10-03 11:18:59 -0700 | [diff] [blame] | 29 | |
| 30 | config TLS_TOE |
| 31 | bool "Transport Layer Security TCP stack bypass" |
| 32 | depends on TLS |
| 33 | default n |
| 34 | help |
| 35 | Enable kernel support for legacy HW offload of the TLS protocol, |
| 36 | which is incompatible with the Linux networking stack semantics. |
| 37 | |
| 38 | If unsure, say N. |