[PATCH 09/13] nvme-tcp: sanitize TLS key handling
Hannes Reinecke
hare at suse.de
Thu Mar 7 03:42:04 PST 2024
On 3/7/24 12:03, Sagi Grimberg wrote:
>
>
> On 27/01/2024 11:30, hare at kernel.org wrote:
>> From: Hannes Reinecke <hare at suse.de>
>>
>> There is a difference between TLS configured (i.e. the user has
>> provisioned/requested a key) and TLS enabled (i.e. the connection
>> is encrypted with TLS).
>
> When would the latter happen without the former?
>
No. Difference is that 'TLS configured' is a configuration setting
(i.e. the admin has specified --tls or --tls_key), and 'TLS enabled'
is the result once the queue has been established.

>> So to differentiate between those two states store the provisioned
>> key in opts->tls_key (as we're using the same TLS key for all queues)
>> and the key serial of the key negotiated by the TLS handshake
>> in queue->tls_key.
>
> Does nvmet generate a different key for each queue?

No.

Cheers,

Hannes