[PATCH 16/16] nvmet-tcp: support secure channel concatenation
Hannes Reinecke
hare at suse.de
Thu Jul 18 00:34:27 PDT 2024
On 7/18/24 00:36, Sagi Grimberg wrote:
>
>
> On 17/07/2024 12:10, Hannes Reinecke wrote:
>> Evaluate the SC_C flag during DH-CHAP-HMAC negotiation and insert
>> the generated PSK once negotiation has finished.
>
> Will look in details at the patch, but first a question,
> IIRC TLS enabled ports should only allow host to connect
> over TLS. How does this change now?
>
It didn't. We always had the possibility to set 'treq' to
'not required', which then will allow for either.
(In case you wondered: that was implemented with the last
patch to my TLS series, implementing a 'peek' on icreq to
figure out whether TLS should be started or not.)
> Plus, what does the discovery service tell hosts about such
> discovery log entries?
That's what the 'treq' bits are for; 'required' means you
have to use TLS, 'not required' means you _may_ use TLS
(ie both TLS and none-TLS connections are allowed).
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list