linux/net/tls/Kconfig
Jakub Kicinski 53b4414a70 net/tls: allow compiling TLS TOE out
TLS "record layer offload" requires TOE, and bypasses most of
the normal networking stack. It is also significantly less
maintained. Allow users to compile it out to avoid issues.

Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: John Hurley <john.hurley@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-10-04 14:07:07 -07:00

39 lines
855 B
Plaintext

# SPDX-License-Identifier: GPL-2.0-only
#
# TLS configuration
#
config TLS
tristate "Transport Layer Security support"
depends on INET
select CRYPTO
select CRYPTO_AES
select CRYPTO_GCM
select STREAM_PARSER
select NET_SOCK_MSG
default n
---help---
Enable kernel support for TLS protocol. This allows symmetric
encryption handling of the TLS protocol to be done in-kernel.
If unsure, say N.
config TLS_DEVICE
bool "Transport Layer Security HW offload"
depends on TLS
select SOCK_VALIDATE_XMIT
default n
help
Enable kernel support for HW offload of the TLS protocol.
If unsure, say N.
config TLS_TOE
bool "Transport Layer Security TCP stack bypass"
depends on TLS
default n
help
Enable kernel support for legacy HW offload of the TLS protocol,
which is incompatible with the Linux networking stack semantics.
If unsure, say N.