On Thu, 14 Nov 2024 16:50:49 +0100 Sabrina Dubroca wrote:
> This adds the possibility to change the key and IV when using TLS1.3. Changing the cipher or TLS version is not supported.
> Once we have updated the RX key, we can unblock the receive side. If the rekey fails, the context is unmodified and userspace is free to retry the update or close the socket.
> This change only affects tls_sw, since 1.3 offload isn't supported.
Acked-by: Jakub Kicinski <kuba@kernel.org>
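
The new key and IV that userspace passes to the kernel on a rekey come from the TLS 1.3 key schedule (RFC 8446, sections 7.1 to 7.3). The following is an added example, not part of the patch or of this thread, showing that derivation for AES-128-GCM with SHA-256; the function names are hypothetical and the starting secret is a constructed sample value.

```python
import hashlib
import hmac
import struct

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand from RFC 5869, using SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """HKDF-Expand-Label from RFC 8446 section 7.1."""
    full_label = b"tls13 " + label.encode("ascii")
    info = (struct.pack("!H", length)
            + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def next_generation(traffic_secret: bytes):
    """Return (new_secret, key, iv) for the generation after a KeyUpdate.

    Only the secret, key and IV change; the cipher and the TLS version
    stay the same, which matches what the rekey described above accepts.
    """
    new_secret = hkdf_expand_label(traffic_secret, "traffic upd", b"", HASH_LEN)
    key = hkdf_expand_label(new_secret, "key", b"", 16)  # AES-128-GCM key
    iv = hkdf_expand_label(new_secret, "iv", b"", 12)    # 96-bit write IV
    return new_secret, key, iv


if __name__ == "__main__":
    secret_n = bytes(range(32))  # constructed sample, not a real traffic secret
    secret_n1, key, iv = next_generation(secret_n)
    print("key:", key.hex())
    print("iv: ", iv.hex())
```

Each direction has its own traffic secret, so the derivation is run once for the sending side and once for the receiving side, and the old secret should be discarded once the new one is in use.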