NSS and Kernel TLS

22 views
Skip to first unread message

清靈語

unread,
May 3, 2023, 4:42:41 AM5/3/23
to dev-tec...@mozilla.org
Hello,

Sorry to bother you, but I was wondering what the NSS team's attitude is towards Kernel TLS and whether there are any plans to support it in the future?

Best regards,
wordlesswind

Dennis Jackson

unread,
May 15, 2023, 7:15:03 AM5/15/23
to 清靈語, dev-tec...@mozilla.org
Dear wordlesswind,

Kernel TLS isn't something we currently have on our roadmap as it doesn't provide much benefit for the types of client applications we typically consider (e.g. Firefox, Thunderbird and similar). I don't know if it's the kind of feature that the Red Hat folks might be interested in though.

Best,
Dennis

--
You received this message because you are subscribed to the Google Groups "dev-tec...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-cryp...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/6a7a7151-b882-4218-98e0-521bc28f704cn%40mozilla.org.

Robert Relyea

unread,
May 23, 2023, 11:59:50 AM5/23/23
to dev-tec...@mozilla.org
On 5/15/23 4:14 AM, Dennis Jackson wrote:
Dear wordlesswind,

Kernel TLS isn't something we currently have on our roadmap as it doesn't provide much benefit for the types of client applications we typically consider (e.g. Firefox, Thunderbird and similar). I don't know if it's the kind of feature that the Red Hat folks might be interested in though.

Best,
Dennis

The kernel crypto is pretty basic and meant to support things that must be encrypted in the kernel itself. There isn't any plan to integrate that with any of our libraries (or much reason to). If there was every an integration point, we would probably do it with a PKCS #11 module (which would transparently replace softoken in NSS, and connect with the PKCS #11 engine in openSSL). Such a plan is currently just a 'hmm what if' and I don't see it materializing any time soon.

bob



On Wed, 3 May 2023 at 09:42, 清靈語 <weplays...@gmail.com> wrote:
Hello,

Sorry to bother you, but I was wondering what the NSS team's attitude is towards Kernel TLS and whether there are any plans to support it in the future?

Best regards,
wordlesswind
--
You received this message because you are subscribed to the Google Groups "dev-tec...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-cryp...@mozilla.org.
To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-tech-crypto/6a7a7151-b882-4218-98e0-521bc28f704cn%40mozilla.org.
--
You received this message because you are subscribed to the Google Groups "dev-tec...@mozilla.org" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dev-tech-cryp...@mozilla.org.
Reply all
Reply to author
Forward
0 new messages