Verifying NFS over TLS

Reply: Rick Macklem : "Re: Verifying NFS over TLS"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Peter Jeremy <peterj_at_freebsd.org>
Date: Sat, 24 Jun 2023 08:52:15 UTC

I've recently been configuring NFS over TLS[*] and one issue that came
up was how to verify that it's actually using using TLS.
* "mount -v" doesn't provide any indication of mount options.
* Various kern.ipc.tls sysctls can confirm that *something* is using
  ktls but not that a specific NFS mount is using TLS.
* tcpdump's inability to decode traffic on port 2049 is a fairly good
  indication but isn't as direct as I'd like.

What is the recommended way to distinguish TLS from non-TLS mounts?

[*] Thanks very much rmacklem@ for your work.
-- 
Peter Jeremy