[PATCH 09/13] nvme-tcp: sanitize TLS key handling

Sagi Grimberg sagi at grimberg.me
Thu Mar 7 03:03:04 PST 2024



On 27/01/2024 11:30, hare at kernel.org wrote:
> From: Hannes Reinecke <hare at suse.de>
>
> There is a difference between TLS configured (ie the user has
> provisioned/requested a key) and TLS enabled (ie the connection
> is encrypted with TLS).

When would the latter happen without the former?

> So to differentiate between those two states store the provisioned
> key in opts->tls_key (as we're using the same TLS key for all queues)
> and the key serial of the key negotiated by the TLS handshake
> in queue->tls_key.

Does nvmet generate a different key for each queue?



More information about the Linux-nvme mailing list