support kernel TLS and offload on Linux

[wfurt]

Linux Kernel supports TLS framing and it also allows to offload encryption to network interface if the HW supports it.
https://www.kernel.org/doc/html/latest/networking/tls-offload.html

In essence after initial handshake and certificate validation, symmetric session keys ar negotiated. The build encryption is pretty simple and it can be done by kernel, possibly with HW offload.
There is already support for this in OpenSSL when using standard BIO interface. SslStream does not use that so we cannot benefit from it even on system with HW support.

This can provide interesting performance benefit.

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Linux Kernel supports TLS framing and it also allows to offload encryption to network interface if the HW supports it.
https://www.kernel.org/doc/html/latest/networking/tls-offload.html

In essence after initial handshake and certificate validation, symmetric session keys ar negotiated. The build encryption is pretty simple and it can be done by kernel, possibly with HW offload.
There is already support for this in OpenSSL when using standard BIO interface. SslStream does not use that so we cannot benefit from it even on system with HW support.

This can provide interesting performance benefit.

Author:	wfurt
Assignees:	-
Labels:	area-System.Net.Security, os-linux
Milestone:	-

[karelz]

Triage: Worth investigation if it would help perf in certain scenarios.
Once the HW is available and usable in Cloud, it could bring non-trivial savings