Use SSL_sendfile() from OpenSSL 3.0 in SSLSocket.sendfile when available.

[moonsikpark]

Feature or enhancement

SSL_sendfile() is a function added in OpenSSL 3.0. If we use this function, we can offload TLS to the kernel, which can hugely improve performance. However, both the kernel and OpenSSL must be built with kTLS support.

I would like to prepare a PR that enables SSL_sendfile() use in SSLSocket.sendfile.

Pitch

This would enable use of kernel TLS, which will yield significant increase of TLS performance in systems with kTLS support.

Previous discussion

https://discuss.python.org/t/sslsocket-sendfile-and-kernel-tls/18886

Linked PRs

• gh-99813: Start using SSL_sendfile when available #99907

[illia-v]

@moonsikpark thanks for opening the issue. I want to let you know that I made some progress in integrating the function in September and a little bit after #96830 was merged. It will be inefficient if we spend time solving the same problem. Let me open a PR with what I have tomorrow, then we can cooperate on finalizing this.

[moonsikpark]

@illia-v I've finished basic PoC of using SSL_sendfile() in this branch. If your progress is beyond what I've been working on, It'd be nice if you open the PR with yours :)

[illia-v]

@illia-v I've finished basic PoC of using SSL_sendfile() in this branch. If your progress is beyond what I've been working on, It'd be nice if you open the PR with yours :)

Cool! I created #99907, please leave your feedback about it.

Comparing to your branch, my version:

• incorporates some sendfile usage experience moved to socket.socket._sendfile_zerocopy;
• falls back to _sendfile_use_send;
• follows _ssl__SSLSocket_write_impl error handling;
• does not define _ssl._SSLSocket.sendfile at all if it unavailable similarly to how os.sendfile is not always defined.