nginx kTLS support blog post

Mikhail Isachenkov mikhail.isachenkov at
Wed Nov 17 08:12:07 UTC 2021

Hello Reinis,

TLSv1.2 ciphers is supported by kernel as well as TLSv1.3.
If the particular cipher is not supported by kernel, BIO_get_ktls_send() 
function returns zero and SSL sendfile will not be used.

Check for details.

16.11.2021 20:15, Reinis Rozitis пишет:
>> As some of you probably know we added kTLS support in nginx-1.21.4.
> Before testing myself wanted to quickly clarify - does this work in
> combination with older cipher suites (as in fallback from kTLS to standard
> non-kernel) to support older clients which still use tls 1.1 / 1.2 or you
> are locked into using Tls 1.3 ciphers only?
> wbr
> rr
> _______________________________________________
> nginx mailing list
> nginx at

Best regards,
Mikhail Isachenkov
NGINX Professional Services

More information about the nginx mailing list