Provided by: ktls-utils_0.9-2build2_amd64

NAME

       tlshd.conf - tlshd configuration file

SYNOPSIS

       /etc/tlshd.conf

DESCRIPTION

       The  tlshd  program  implements a user agent that services TLS handshake requests on behalf of kernel TLS
       consumers.  Its configuration file contains information that the program reads when it  starts  up.   The
       file  is  designed  to be human readable and contains a list of keywords with values that provide various
       types of information.  The configuration file is considered a trusted source of information.

       The tlshd program reads this file once when it is launched.  Thus changes made in this file  take  effect
       only  when  the  tlshd  program  is  restarted.   If  this  file  does  not exist, the tlshd program exits
       immediately.

OPTIONS

       The configuration file is split into sections.

       The [main] section specifies run-time settings for the tlshd program.  In this  section,  there  are  two
       available options:

       debug  This  option  specifies  an  integer  which indicates the debug message level.  Zero, the quietest
              setting, is the default.

       tlsdebug
              This option specifies an integer which indicates the debug message level for  TLS  library  calls.
              Zero, the quietest setting, is the default.

       nl_debug
              This  option  specifies an integer which indicates the debug message level for netlink operations.
              Zero, the quietest setting, is the default.

       keyrings
              This option specifies  a  semicolon-separated  list  of  auxiliary  keyrings  that  might  contain
              handshake  authentication  tokens.   tlshd  links  these  keyrings  into its session keyring.  The
              configuration file may specify either a keyring's name  or  serial  number.   The  default  is  to
              provide no keyring.

       The  [authentication]  section  specifies default authentication material when establishing TLS sessions.
       There are two subsections: [client] and [server].  In each of these subsections, there are two  available
       options:

       x509.certificate
              This option specifies the pathname of a file containing a PEM-encoded X.509 certificate that is to
              be presented during a ClientHello request when no other certificate is available.

       x509.private_key
              This option specifies the pathname of a file containing a PEM-encoded private key associated  with
              the above certificate.
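
       Because tlshd treats this file as a trusted source and x509.private_key points at key material, the
       permissions on the file and on the files it names are worth checking.  The Python check below is an
       added example, not part of ktls-utils; it assumes "key = value" lines with "#" comments, ignores section
       names, and the function names referenced_paths and audit are hypothetical.

```python
import os
import stat
import tempfile

X509_OPTIONS = {"x509.certificate", "x509.private_key"}  # option names from this page

def referenced_paths(conf_text):
    """Return (option, pathname) pairs for x509.* options found in any section."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#[":      # skip comments and section headers
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if sep and key in X509_OPTIONS and value:
            found.append((key, value))
    return found

def audit(conf_path):
    """Return a list of findings about loose permissions; empty means clean."""
    findings = []

    def check(path, forbidden, problem):
        try:
            mode = stat.S_IMODE(os.stat(path).st_mode)
        except OSError as exc:
            findings.append(f"{path}: cannot stat ({exc.strerror})")
            return
        if mode & forbidden:
            findings.append(f"{path}: {problem} (mode {mode:04o})")

    # The file is a trusted input, so only its owner should be able to edit it.
    check(conf_path, 0o022, "config writable by group/other")
    with open(conf_path) as fh:
        for option, path in referenced_paths(fh.read()):
            if option == "x509.private_key":
                check(path, 0o077, "private key accessible by group/other")
            else:
                check(path, 0o022, "certificate writable by group/other")
    return findings

if __name__ == "__main__":
    # Constructed demo: a throwaway config pointing at a key with loose permissions.
    with tempfile.TemporaryDirectory() as d:
        key, conf = os.path.join(d, "key.pem"), os.path.join(d, "tlshd.conf")
        for p, mode in ((key, 0o644), (conf, 0o644)):
            open(p, "w").close()
            os.chmod(p, mode)
        with open(conf, "w") as fh:
            fh.write(f"[client]\nx509.private_key = {key}\n")
        print("\n".join(audit(conf)) or "no findings")
```

       Run audit("/etc/tlshd.conf") before restarting tlshd; a missing certificate or key file is reported as a
       finding rather than raised.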

NOTES

       This  software  is  a  prototype.  Its  purpose is for demonstration and as a proof-of-concept.  USE THIS
       SOFTWARE AT YOUR OWN RISK.

SEE ALSO

       tlshd(8)

AUTHOR

       Chuck Lever

                                                   20 Oct 2022                                     tlshd.conf(5)