Provided by: ktls-utils_0.9-2_amd64 bug

NAME

       tlshd - TLS handshake for kernel TLS sockets

SYNOPSIS

       /usr/sbin/tlshd [options]

DESCRIPTION

       The  tlshd  program implements a user agent that services TLS handshake requests on behalf
       of kernel TLS consumers.  Using the accept(2) system call, it materializes  kernel  socket
       endpoints  in  user  space  in order to perform TLS handshakes using a TLS library.  After
       each handshake completes, tlshd plants TLS session metadata  into  the  kernel  socket  to
       enable the use of kTLS to secure subsequent communication on that socket.

OPTIONS

       -c  or  --config
              When specified this option sets the location for tlshd's config file.

       -h  or  --help
              When specified tlshd displays a help message then exits immediately.

       -s  or  --stderr
              When specified this option forces messages to go to both stderr and the system log.
              By default, messages go only to the system log.

       -v  or  --version
              When specified tlshd displays build version information then exits immediately.

ENVIRONMENT VARIABLES

       The  GnuTLS  library  provides  certain  capabilities  that  can  be  enabled  by  setting
       environment  variables before tlshd is started.  More information about these variables is
       available in GnuTLS library documentation.

       SSLKEYLOGFILE
              When set, this variable specifies the pathname  of  a  file  to  which  the  GnuTLS
              library appends negotiated session keys in the NSS Key Log format.  The NSS Key Log
              format can be read by wireshark, enabling decryption of recorded sessions.

       GNUTLS_FORCE_FIPS_MODE
              When set to `1', this variable forces the TLS library into FIPS mode  if  FIPS140-2
              support is available.

NOTES

       This  software  is  a  prototype.   It's  purpose  is for demonstration and as a proof-of-
       concept.  USE THIS SOFTWARE AT YOUR OWN RISK.

SEE ALSO

       tlshd.conf(5), ssl(7)

AUTHOR

       Chuck Lever

                                           20 Dec 2021                                   tlshd(8)