tlshd(8)                System Manager's Manual                tlshd(8)

tlshd - TLS handshake for kernel TLS sockets

/usr/sbin/tlshd [options]

The tlshd program implements a user agent that services TLS handshake
requests on behalf of kernel TLS consumers. Using the accept(2) system
call, it materializes kernel socket endpoints in user space in order to
perform TLS handshakes using a TLS library. After each handshake
completes, tlshd plants TLS session metadata into the kernel socket to
enable the use of kTLS to secure subsequent communication on that socket.

-c or --config
       When specified, this option sets the location for tlshd's config
       file.

-h or --help
       When specified, tlshd displays a help message then exits
       immediately.

-s or --stderr
       When specified, this option forces messages to go to both stderr
       and the system log. By default, messages go only to the system
       log.

-v or --version
       When specified, tlshd displays build version information then
       exits immediately.

The GnuTLS library provides certain capabilities that can be enabled by
setting environment variables before tlshd is started. More information
about these variables is available in the GnuTLS library documentation.

SSLKEYLOGFILE
       When set, this variable specifies the pathname of a file to
       which the GnuTLS library appends negotiated session keys in the
       NSS Key Log format. The NSS Key Log format can be read by
       Wireshark, enabling decryption of recorded sessions.

GNUTLS_FORCE_FIPS_MODE
       When set to `1', this variable forces the TLS library into FIPS
       mode if FIPS 140-2 support is available.

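Because a file named by SSLKEYLOGFILE lets anyone who can read it decrypt recorded sessions, it is worth confirming how a running tlshd was started. The script below is an added example, not part of the tlshd manual or its project: it reads a /proc/<pid>/environ-style file and reports both variables described above. The function names and the sample environment are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a process environment for the GnuTLS variables above.
# Input is a /proc/<pid>/environ-style file (NUL-separated NAME=value records).

# env_value FILE NAME: print NAME's value; return 1 if NAME is not set.
env_value() {
    tr '\0' '\n' < "$1" | awk -v n="$2" '
        index($0, n "=") == 1 { print substr($0, length(n) + 2); found = 1; exit }
        END { exit !found }'
}

# audit_tlshd_env FILE: report findings; return 1 if key logging is enabled.
audit_tlshd_env() {
    environ=$1
    rc=0
    if keylog=$(env_value "$environ" SSLKEYLOGFILE) && [ -n "$keylog" ]; then
        echo "WARN: SSLKEYLOGFILE=$keylog (negotiated session keys are appended here)"
        rc=1
        if [ -f "$keylog" ]; then
            mode=$(stat -c '%a' "$keylog")   # GNU/busybox stat, as found on Linux
            case $mode in
                0|*00) echo "INFO: $keylog has mode $mode (owner-only)" ;;
                *)     echo "WARN: $keylog has mode $mode; readable beyond its owner" ;;
            esac
        fi
    else
        echo "OK: SSLKEYLOGFILE is not set"
    fi
    fips=$(env_value "$environ" GNUTLS_FORCE_FIPS_MODE) || fips=
    if [ "$fips" = 1 ]; then
        echo "INFO: GNUTLS_FORCE_FIPS_MODE=1"
    else
        echo "INFO: GNUTLS_FORCE_FIPS_MODE is not set to 1"
    fi
    return "$rc"
}

# Constructed sample standing in for /proc/<pid>/environ of a running tlshd.
sample=$(mktemp)
printf 'PATH=/usr/sbin\0SSLKEYLOGFILE=/tmp/constructed-keys.log\0' > "$sample"
audit_tlshd_env "$sample" || echo "RESULT: key logging is enabled"
rm -f "$sample"
```

On a live system, run audit_tlshd_env as root against the environ file of the tlshd process instead of the constructed sample.
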
This software is a prototype. Its purpose is for demonstration and as
a proof-of-concept. USE THIS SOFTWARE AT YOUR OWN RISK.

tlshd.conf(5), ssl(7)

Chuck Lever

20 Dec 2021                                                    tlshd(8)