# For developers: keep it sorted alphabetically
my @disablables = (
+ "ktls",
"afalgeng",
"aria",
"asan",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default",
+ "ktls" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
push @{$config{openssl_feature_defines}}, "OPENSSL_NO_AFALGENG" if ($disabled{afalgeng});
+unless ($disabled{ktls}) {
+ $config{ktls}="";
+ if ($target =~ m/^linux/) {
+ my $usr = "/usr/$config{cross_compile_prefix}";
+ chop($usr);
+ if ($config{cross_compile_prefix} eq "") {
+ $usr = "/usr";
+ }
+ my $minver = (4 << 16) + (13 << 8) + 0;
+ my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
+
+ if ($verstr[2] < $minver) {
+ $disabled{ktls} = "too-old-kernel";
+ }
+ } else {
+ $disabled{ktls} = "not-linux";
+ }
+}
+
+push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
+
# Finish up %config by appending things the user gave us on the command line
# apart from "make variables"
foreach (keys %useradd) {
Don't build the AFALG engine. This option will be forced if
on a platform that does not support AFALG.
+ enable-ktls
+ Build with Kernel TLS support. This option will enable the
+ use of the Kernel TLS data-path, which can improve
+ performance and allow for the use of sendfile and splice
+ system calls on TLS sockets. The Kernel may use TLS
+ accelerators if any are available on the system.
+ This option will be forced off on systems that do not support
+ the Kernel TLS data-path.
+
enable-asan
Build with the Address sanitiser. This is a developer option
only. It may not work on all platforms and should never be
projects / oweals / openssl.git / commitdiff