Provided by: ktls-utils_0.9-2build2_amd64 
NAME
tlshd - TLS handshake for kernel TLS sockets
SYNOPSIS
/usr/sbin/tlshd [options]
DESCRIPTION
The tlshd program implements a user agent that services TLS handshake requests on behalf
of kernel TLS consumers. Using the accept(2) system call, it materializes kernel socket
endpoints in user space in order to perform TLS handshakes using a TLS library. After
each handshake completes, tlshd plants TLS session metadata into the kernel socket to
enable the use of kTLS to secure subsequent communication on that socket.
OPTIONS
-c or --config
When specified this option sets the location for tlshd's config file.
-h or --help
When specified tlshd displays a help message then exits immediately.
-s or --stderr
When specified this option forces messages to go to both stderr and the system log.
By default, messages go only to the system log.
-v or --version
When specified tlshd displays build version information then exits immediately.
ENVIRONMENT VARIABLES
The GnuTLS library provides certain capabilities that can be enabled by setting
environment variables before tlshd is started. More information about these variables is
available in GnuTLS library documentation.
SSLKEYLOGFILE
When set, this variable specifies the pathname of a file to which the GnuTLS
library appends negotiated session keys in the NSS Key Log format. The NSS Key Log
format can be read by wireshark, enabling decryption of recorded sessions.
GNUTLS_FORCE_FIPS_MODE
When set to `1', this variable forces the TLS library into FIPS mode if FIPS140-2
support is available.
NOTES
This software is a prototype. It's purpose is for demonstration and as a proof-of-
concept. USE THIS SOFTWARE AT YOUR OWN RISK.
SEE ALSO
tlshd.conf(5), ssl(7)
AUTHOR
Chuck Lever
20 Dec 2021 tlshd(8)