Merge branch 'main' into op-legacy-server-connect

python · hugovk · Dec 20, 2022 · Jun 17, 2022 · Jun 17, 2022 · Jul 6, 2022
commit b7d3f5c1bd517459c704f617ecfeb2367492d4c9
@@ -807,6 +807,22 @@ Constants
 
    .. versionadded:: 3.10
 
+.. data:: OP_ENABLE_KTLS
+
+   Enable the use of the kernel TLS. To benefit from the feature, OpenSSL must
+   have been compiled with support for it, and the negotiated cipher suites and
+   extensions must be supported by it (a list of supported ones may vary by
+   platform and kernel version).
+
+   Note that with enabled kernel TLS some cryptographic operations are
+   performed by the kernel directly and not via any available OpenSSL
+   Providers. This might be undesirable if, for example, the application
+   requires all cryptographic operations to be performed by the FIPS provider.
+
+   This option is only available with OpenSSL 3.0.0 and later.
+
+   .. versionadded:: 3.12
+
 .. data:: OP_LEGACY_SERVER_CONNECT
 
    Allow legacy insecure renegotiation between OpenSSL and unpatched servers