Setting up the hardware offload was totally easy and painless:
ssl_conf_command Options KTLS; in nginx.conf and then ethtool -K tls-hw-tx-offload on; ethtool -K tls-hw-rx-offload on;, for both nics of the bond.
An easy way to verify is looking at /proc/net/tls_stat.
A website with some helpful info is https://delthas.fr/blog/2023/kernel-tls/ , although the info that only AES128 works seems to be outdated as I got AES256 to work without problems as long as I stayed in TLS1.2.
=> More informations about this toot | View the thread | More toots from electronic_eel@treehouse.systems
text/geminiThis content has been proxied by September (ba2dc).