From Newsgroup: muc.lists.freebsd.ports

On 2025-08-21 01:12, J. Terhune wrote:

Are there any plans for getting an updated patch for OpenSSL 3.5 to
support KTLS in the near future?

Jim Terhune
Right Connection Inc

Hi Jim,

I've relied on jhb@ to provide the KTLS patch.

The main and soon-to-be stable/15 branch have OpenSSL 3.5. presumably
with KTLS support.

I need to check, but wasn't KTLS for FreeBSD upstreamed to OpenSSL, so I
could just enable the knob?!


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.ports

On 2025-08-21 06:53, Bernard Spil wrote:

On 2025-08-21 01:12, J. Terhune wrote:

Are there any plans for getting an updated patch for OpenSSL 3.5 to
support KTLS in the near future?


Jim Terhune
Right Connection Inc

Hi Jim,

I've relied on jhb@ to provide the KTLS patch.

The main and soon-to-be stable/15 branch have OpenSSL 3.5. presumably
with KTLS support.

I need to check, but wasn't KTLS for FreeBSD upstreamed to OpenSSL, so
I could just enable the knob?!

FreeBSD KTLS was upstreamed, disabled by default in Configure.
Patched the port, seems to work OK.
Can you test and let me know if this works for you?

diff --git a/security/openssl35/Makefile b/security/openssl35/Makefile
index a415ba0b9bb..21e66e66542 100644
--- a/security/openssl35/Makefile
+++ b/security/openssl35/Makefile
@@ -40,10 +40,9 @@ OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG QUIC SCTP SSL3
TLS1 TLS1_1 TLS1_2

OPTIONS_DEFINE= ASYNC CT FIPS-JITTER KTLS MAN3 RFC3779 SHARED

-OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST MAN3 MD4 ML-DSA ML-KEM NEXTPROTONEG \
+OPTIONS_DEFAULT=ASM ASYNC CT DES EC FIPS GOST KTLS MAN3 MD4 ML-DSA
ML-KEM NEXTPROTONEG \
QUIC RFC3779 RC2 RC4 RMD160 SCTP SHARED SLH-DSA SSE2 \
THREADPOOL THREADS TLS1 TLS1_1 TLS1_2
-#OPTIONS_DEFAULT+= KTLS pending updated KTLS patch

OPTIONS_GROUP_OPTIMIZE_amd64= EC

@@ -130,8 +129,6 @@ I386_CONFIGURE_ON= 386
FIPS-JITTER_CFLAGS= -I${PREFIX}/include
FIPS-JITTER_LDFLAGS= -L${PREFIX}/lib

FIPS-JITTER_BUILD_DEPENDS= ${LOCALBASE}/lib/libjitterentropy.a:devel/libjitterentropy
-KTLS_BROKEN= Pending updated KTLS patch
-KTLS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ktls
LEGACY_VARS= shlibs+=lib/ossl-modules/legacy.so
MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_find-doc-nits
SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER}


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: muc.lists.freebsd.ports

On Thu, Aug 21, 2025 at 06:53:01AM +0000, Bernard Spil wrote:

On 2025-08-21 01:12, J. Terhune wrote:

Are there any plans for getting an updated patch for OpenSSL 3.5 to
support KTLS in the near future?

Jim Terhune
Right Connection Inc

Hi Jim,

I've relied on jhb@ to provide the KTLS patch.

The main and soon-to-be stable/15 branch have OpenSSL 3.5. presumably with KTLS support.

I need to check, but wasn't KTLS for FreeBSD upstreamed to OpenSSL, so I could just enable the knob?!

What about openssl 3.6 if it reaches prodction?
--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism ;
All I want to hear from JEsus Christ is WEll done Good and Faithful servant


--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-admin@muc.de
--- Synchronet 3.21a-Linux NewsLink 1.2