OpenSolaris

1. Project: Kernel SSL Enhancements
   1. Announcements
   2. Events
   3. News
   4. Blogs
   5. Discussions
   6. Leaders
   7. Observers
   8. Files
   9. KSSL debugging
      1. KSSL debugging suite
   10. Development ideas
   11. KSSL internals
       1. KSSL source code
       2. KSSL configuration
       3. KSSL record processing
       4. KSSL stubs
       5. KSSL connection handling
   12. KSSL architecture

OpenSolaris Project: Kernel SSL Enhancements

View the leaders for this project
Project Observers

Endorsing communities

Security

OpenSolaris has a kernel level SSL server proxy (KSSL) that can be used for improved SSL performance on the server side. It can be configured as a proxy for a non-SSL server (e.g. web servers like Apache and Sun web server) to communicate with a SSL client.

There is an ongoing effort to add new features to KSSL. This project provides a place for that ongoing effort. Possible initial enhancements include:

• Debugging tools and scripts (see KSSL debugging suite)
• Add IPv6 support
• Add support for TLS 1.1, and TLS 1.2
• Performance optimizations
• Add support for client authentication
• Add support for ECC cipher suites

If you would like to be involved with this project, the best way to get started is to join the project development mailing list. If there is something in particular you are looking for, please feel free to ask.

This KSSL presentation offers an overview of KSSL and goes in to the design details.

Announcements

03 Jun 2009	KSSL debugging suite published
29 May 2009	KSSL is now open

Blogs

yenduri - T5440 AES crypto performance

Jun 3, 5:28 PM

The following numbers from a kernel micro benchmark run on a T5440 show that the crypto stack scales nicely in the current build, snv_117. This micro benchmark calls crypto_encrypt() in a loop for ...

vlad - KSSL project is now open

Jun 3, 3:45 AM

I have spent some time fixing bugs in KSSL (kernel SSL proxy) implementation in Solaris and got familar with it (and the KSSL development team) so with delight I can co-announce that the KSSL project ...

yenduri - Removing that last impediment to scalability!

May 29, 5:15 PM

The following para from a paper by Bryan Cantrill and Jeff Bonwick captures my state of mind this week - Prepare for the thrill of victory—and the agony of defeat. Making a system scale can be a ...

yenduri - Kernel SSL deep dive presentation

May 20, 8:04 AM

Slides from Kernel SSL deep dive presentation A while back, I gave a deep dive presentation on Kernel SSL to an internal audience. I am making it available here.

yenduri - ksslcfg(1M) and the -T option on S10

May 15, 3:57 PM

ksslcfg(1M) and the -T option on S10 ksslcfg(1m) has a -T option. From the man page - -T token_label          When pkcs11 is specified with -f, uses the PKCS#11 token          specified in ...