ktls fallback to userspace
This was originally added as a comment: !1625 (comment 1145092003)
Looking at the ktls support for key_update code, the feature claims that it supports fallback to userspace TLS if a key_update is received (and the kernel patch is not applied). However, having done local testing with ktls in other TLS libraries, I don't think it's possible to fall back to userspace and undo the TCP_ULP once it has been enabled and crypto_info has been set.
The current code is setting session->internals.ktls_enabled = 0; but the socket is still ktls enabled and has the previous encryption keys, so from what I can tell there will be double encryption == garbage being sent on the wire.
ktls-enabled
plaintext -> ktls -> ciphertext
ktls-disabled
plaintext -> gnutls_encrypt -> ktls -> garbage
It might also be a good idea to add a test for the fallback scenario to verify behavior.
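A guard that a fallback path could run before encrypting in userspace, as an added example that is not GnuTLS code and not part of the original comment: it asks the kernel through getsockopt(TCP_ULP) whether the "tls" ULP is still attached to the socket. The function names are hypothetical, and treating an attached ULP as "the kernel still encrypts" is an assumption that matches the scenario described above, where crypto_info has already been set.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <unistd.h>

#ifndef TCP_ULP
#define TCP_ULP 31 /* value from linux/tcp.h, for older libc headers */
#endif

/* Returns 1 if the kernel reports the "tls" ULP on fd, 0 if no ULP (or a
 * different one) is attached, -1 if the query itself failed. */
int ktls_ulp_attached(int fd)
{
    char name[16] = { 0 };             /* zeroed, so always NUL-terminated */
    socklen_t len = sizeof(name) - 1;

    if (getsockopt(fd, IPPROTO_TCP, TCP_ULP, name, &len) < 0)
        return -1;
    return strcmp(name, "tls") == 0;   /* empty name means no ULP attached */
}

/* Hypothetical fallback guard: userspace may encrypt records only when the
 * kernel has confirmed that no TLS ULP sits between write() and the wire.
 * Clearing a library-side flag does not change the socket state checked
 * here. An attached ULP or a failed query both refuse (fail closed). */
int userspace_encrypt_allowed(int fd)
{
    return ktls_ulp_attached(fd) == 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) {
        perror("socket");
        return 1;
    }
    /* A fresh TCP socket has no ULP, so userspace encryption is allowed. */
    printf("ktls attached: %d, userspace encrypt allowed: %d\n",
           ktls_ulp_attached(fd), userspace_encrypt_allowed(fd));
    close(fd);
    return 0;
}
```

A test for the fallback scenario could call the same check on a socket after the key_update path has run and require that it still reports the ULP, rather than trusting the session flag.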