The kernel TLS patches were merged to net-next today, which puts them on
track for v4.13:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit...
So far only outgoing encryption is handled in the kernel. The handshake
must still be handled by userspace code. Since ELL's tls implementation
can be used separately from TCP (as iwd does), ELL can't rely on kernel
TLS entirely. However, using kernel TLS for TCP sockets would eliminate
the extra system calls to handle encryption using AF_ALG.
I think it's early to build support in to ELL, but we should keep this on
our radar.
--
Mat Martineau
Intel OTC