With Fedora 37 set to be released at the end of October, more functional changes to Fedora 38 planned for next spring are continuing to be discussed.One of the interesting proposals this week isAccelerating GnuTLS with Kernel TLS (kTLS).

Fedora 38 is looking to load the Kernel TLS module’s kTLS as part of the encryption strategy so that GnuTLS can achieve higher performance. This change proposal was led by Red Hat, with a particular focus on delivering higher performance for network block devices.

GnuTLS offloads encryption/decryption to the kernel by leveraging kTLS, which is especially beneficial for network block devices, reducing data copying and context switching, while the encryption happens in the kernel. Even for systems lacking cryptographic offload hardware, kTLS can improve performance, as its work may end up being done on a different CPU core than the application.

Another benefit of this proposal for Fedora 38 is that it brings faster live VM migrations, including faster live VM migrations, and faster processing of files on network block devices over encrypted channels. This use of kTLS by GnuTLS will be enabled by default, but will roll back to the existing user-mode operation in case of problems.

Check out this Fedora Wiki page for more details on this proposed change.