Fedora Engineering and Steering Committee (FESCo) approvedAccelerating GnuTLS with Kernel TLS (kTLS) and will be available on Fedora 38 next spring.

To provide higher performance for GnuTLS on Fedora, Fedora 38 wants to load the Kernel TLS (KTLS) module as part of the encryption strategy. In this way, GnuTLS leverages KTLS to offload encryption/decryption to the kernel, especially in scenarios such as network block devices, which helps reduce data copying and context switching.Even for systems lacking cryptographic offload hardware, kTLS can improve performance because its work may end up being done on a different CPU core than the application.

This change proposal was led by Red Hat, with a particular focus on delivering higher performance for network block devices.

Red Hat engineers want to accelerate GnuTLS with Kernel TLS, enabling faster live virtual machine migrations, increasing the speed of encrypted network block devices, and other similar use cases. If there is a problem with KTLS, GnuTLS will fall back to running in the existing user mode.

Check out this Fedora Wiki pageLearn more about this proposed change.