Bug #14767


retire kssl

Added by Garrett D'Amore 5 months ago. Updated 5 months ago.

Start date:
Due date:
% Done:


Estimated time:
Gerrit CR:
External Bug:


The kssl framework was intended to facilitate in-kernel offloading of the SSL operations required for the NCA (network cache accelerator.)

The purpose of this was to accelerate serving static web page content. It was invented during the early 2000s, when system were different and in-kernel mechanisms were needed. It also dates back before Solaris 10 fire engine, and even sendfile, when getting content to an HTTP server in user land was a lot more expensive.

However, kssl itself has not been maintained at all, and it only supports long since obsolete protocols. We don't believe it is in use anywhere, and we most emphatically believe it should NOT be in use, because the only versions of the SSL protocol it supports are widely understood to be insecure.

We should just remove it.

Related issues

Related to illumos gate - Bug #14768: retire ncaClosedGarrett D'Amore

Actions #1

Updated by Electric Monk 5 months ago

  • Gerrit CR set to 2207
Actions #2

Updated by Dan McDonald 5 months ago

Actions #4

Updated by Garrett D'Amore 5 months ago

  • Status changed from New to Pending RTI
  • % Done changed from 0 to 90
Actions #5

Updated by Joshua M. Clulow 5 months ago

Testing Notes (from RTI mail)

As nothing uses it, and this is a removal, testing has been limited to build, and booting, a version of these changes. (The version is somewhat modified to allow for conflicts in various things, but the net effect is that there are no vestiges of kssl anywhere.) A quick check for the existence of kssl (which is normally loaded by default in the current version) ensures that it is not present.

Actions #6

Updated by Electric Monk 5 months ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 90 to 100

git commit 7d10cd4ddf12f982d3bc7edcd01cc8b8d1dcc464

commit  7d10cd4ddf12f982d3bc7edcd01cc8b8d1dcc464
Author: Garrett D'Amore <>
Date:   2022-07-01T23:58:10.000Z

    14767 retire kssl
    Reviewed by: Toomas Soome <>
    Reviewed by: Peter Tribble <>
    Reviewed by: Igor Kozhukhov <>
    Approved by: Joshua M. Clulow <>


Also available in: Atom PDF