DOC: config: mention some possible TLS versions restrictions for kTLS

It took me one hour of trial and fail to figure that kTLS and splicing were not used only for reasons of TLS version, and that switching to TLS v1.2 solved the issue. Thus, let's mention it in the doc so that others find it more easily in the future. This should be backported to 3.3.
2026-01-29 05:51:07 +01:00 · 2026-01-28 10:42:37 +01:00 · 2026-01-28 10:42:37 +01:00 · cb3fd012cd
commit cb3fd012cd
parent bbab0ac4d0
1 changed files with 7 additions and 4 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -17220,7 +17220,9 @@ interface <interface>
 ktls <on|off> [ EXPERIMENTAL ]
  Enables or disables ktls for those sockets. If enabled, kTLS will be used
  if the kernel supports it and the cipher is compatible. This is only
-  available on Linux kernel 4.17 and above.
+  available on Linux kernel 4.17 and above. Please note that some network
+  drivers and/or TLS stacks might restrict kTLS usage to TLS v1.2 only. See
+  also "force-tlsv12".

 label <label>
  Sets an optional label for these sockets. It could be used group sockets by
@ -18480,9 +18482,10 @@ See also: "option tcp-check", "option httpchk"
 ktls <on|off> [ EXPERIMENTAL ]
  May be used in the following contexts: tcp, http, log, peers, ring

-  Enables or disables ktls for those sockets. If enabled, kTLS will be used
-  if the kernel supports it and the cipher is compatible.
-  This is only available on Linux.
+  Enables or disables ktls for those sockets. If enabled, kTLS will be used if
+  the kernel supports it and the cipher is compatible. This is only available
+  on Linux 4.17 and above. Please note that some network drivers and/or TLS
+  stacks might restrict kTLS usage to TLS v1.2 only. See also "force-tlsv12".

 log-bufsize <bufsize>
  May be used in the following contexts: log