kssl(5) Standards, Environments, and Macros kssl(5)
NAME
kssl, KSSL - kernel SSL proxy
DESCRIPTION
KSSL is a transparent server-side proxy for the SSL/TLS protocol. It
processes SSL traffic in the kernel, which improves performance by
avoiding context switches and by directly accessing the kernel
providers of the Oracle Solaris Crypto Framework. With KSSL it is
possible to provide SSL protection even for applications that are only
able to communicate in clear text over TCP.
KSSL is configured in the kernel and passes clear text data to, and
accepts it from, an application. Together they are visible to clients
as a single SSL server.
The server-side application for which KSSL is configured is unaware
that it is receiving data previously protected by SSL. KSSL receives
SSL traffic on one port, for example, 443, performs processing and
passes clear text data to the application listening on another port,
for example, 8080. Similarly, in the outbound direction, the
application sends clear text data and KSSL produces SSL records and
sends them to the client. Therefore, the application does not have to
be set up for SSL.
Multiple KSSL instances can be configured on the system, each with a
separate set of properties such as port, certificate, key or cipher
suites. See ksslcfg(1M). Each KSSL instance in the kernel is tracked as
an SMF service. See smf(5).
KSSL provides SSL processing for records passed with TCP over IPv4.
KSSL supports the following protocols: SSLv3, TLSv1.0.
SEE ALSO
ksslcfg(1M), smf(5)
T. Dierks, C. Allen, RFC 2246, The TLS Protocol Version 1.0, The
Internet Society, 1999.
SunOS 5.10 1 May 2011 kssl(5)