KTLS should not be on by default

[mattcaswell]

At the moment KTLS support is not built by default. But if built it is on at runtime by default.

This might cause problems. For example If you are using the FIPS module you might reasonable expect all your crypto to be performed inside the module boundary. However, if you are using a KTLS enabled build then that might not be the case if libssl decided it can offload things to the kernel.

A suggestion is to switch the KTLS defaults around - so that it is always built by default if possible, but it is disabled at runtime unless you explicitly ask for it.

[richsalz]

I don't have a strong view as to whether or not it is compiled by default, but a slight preference for not doing so, just like we do for various crypto algorithms, it should be explicitly enabled.

I am opposed to making the run-time be "enabled by default."

Perhaps putting it into the config-file and SSL_conf_cmd support is a good thing to do? That way folks who want it can globally enable it.

[kroeckx]

Does that mean the enable should be for an OSSL_LIB_CTX?

[mattcaswell]

Does that mean the enable should be for an OSSL_LIB_CTX?

At the moment it is handled at the SSL_CTX level via the SSL_MODE_NO_KTLS_TX and SSL_MODE_NO_KTLS_RX modes. These modes default to "on" (if KTLS support has been explicitly enabled at compile time). So, I would envisage keeping it the same but swapping it to be "off" by default at the SSL_CTX level.

[paulidale]

The security policy will need to include build instructions -- not building KTLS here seems reasonable.
Not that this would stop somebody who didn't read the instructions...

[t8m]

We could keep SSL_MODE_NO_KTLS_* and add SSL_OP_ENABLE_KTLS (there are 3 values left unused which is not much but anyway). This would allow both coarse-grained enablement via the options and the configuration file and fine-grained disablement by the SSL*_set_mode().

[t8m]

@mattcaswell what do you think about this proposal? I can implement it if you agree.