Provided by: ktls-utils_0.9-2_amd64 bug

NAME
       tlshd.conf - tlshd configuration file


SYNOPSIS
       /etc/tlshd.conf


DESCRIPTION
       The  tlshd  program implements a user agent that services TLS handshake requests on behalf
       of kernel TLS consumers.  Its configuration file contains  information  that  the  program
       reads when it starts up.  The file is designed to be human readable and contains a list of
       keywords with values that provide various types of information.  The configuration file is
       considered a trusted source of information.

       The  tlshd  program  reads  this file once when it is launched.  Thus changes made in this
       file take effect only when the lshd program is restarted.  If this file  does  not  exist,
       the tlshd program exits immediately.


OPTIONS
       The configuration file is split into sections.

       The  [main]  section  specifies run-time settings for the tlshd program.  In this section,
       there are two available options:

       debug  This option specifies an integer which indicates the debug  message  level.   Zero,
              the quietest setting, is the default.

       tlsdebug
              This  option  specifies  an integer which indicates the debug message level for TLS
              library calls.  Zero, the quietest setting, is the default.

       nl_debug
              This option specifies an integer  which  indicates  the  debug  message  level  for
              netlink operations.  Zero, the quietest setting, is the default.

       keyrings
              This  option  specifies a semicolon-separated list of auxiliary keyrings that might
              contain handshake authentication tokens.   tlshd  links  these  keyrings  into  its
              session  keyring.   The  configuration  file may specify either a keyring's name or
              serial number.  The default is to provide no keyring.

       The [authentication] section specifies default authentication material  when  establishing
       TLS  sessions.   There  are  two  subsections:  [client]and[server].   In  each  of  these
       subsections, there are two available options:

       x509.certificate
              This option specifies the  pathname  of  a  file  containing  a  PEM-encoded  x.509
              certificate  that  is  to  be  presented during a ClientHello request when no other
              certificate is available.

       x509.private_key
              This option specifies the pathname of a file containing a PEM-encoded  private  key
              associated with the above certificate.


NOTES
       This  software  is  a  prototype.   It's  purpose  is for demonstration and as a proof-of-
       concept.  USE THIS SOFTWARE AT YOUR OWN RISK.


SEE ALSO
       tlshd(8)


AUTHOR
       Chuck Lever

                                           20 Oct 2022                              tlshd.conf(5)