FreeBSD 15 and Kernel TLS (kTLS)

[Aknot]

When checking our vmx0 on our VMware instance with # ifconfig , it shows support for both TSO4 and TSO6, making it possible to enable kTLS, right?

When running # sysctl kern.ipc.tls.stats I'm getting:

kern.ipc.tls.stats.ocf.retries: 0
kern.ipc.tls.stats.ocf.separate_output: 0
kern.ipc.tls.stats.ocf.inplace: 0
kern.ipc.tls.stats.ocf.tls13_chacha20_encrypts: 0
kern.ipc.tls.stats.ocf.tls13_chacha20_decrypts: 0
kern.ipc.tls.stats.ocf.tls13_gcm_recrypts: 0
kern.ipc.tls.stats.ocf.tls13_gcm_encrypts: 0
kern.ipc.tls.stats.ocf.tls13_gcm_decrypts: 0
kern.ipc.tls.stats.ocf.tls12_chacha20_encrypts: 0
kern.ipc.tls.stats.ocf.tls12_chacha20_decrypts: 0
kern.ipc.tls.stats.ocf.tls12_gcm_recrypts: 0
kern.ipc.tls.stats.ocf.tls12_gcm_encrypts: 0
kern.ipc.tls.stats.ocf.tls12_gcm_decrypts: 0
kern.ipc.tls.stats.ocf.tls11_cbc_encrypts: 0
kern.ipc.tls.stats.ocf.tls11_cbc_decrypts: 0
kern.ipc.tls.stats.ocf.tls10_cbc_encrypts: 0
kern.ipc.tls.stats.destroy_task: 0
kern.ipc.tls.stats.ifnet_disable_ok: 0
kern.ipc.tls.stats.ifnet_disable_failed: 0
kern.ipc.tls.stats.switch_failed: 0
kern.ipc.tls.stats.switch_to_sw: 0
kern.ipc.tls.stats.switch_to_ifnet: 0
kern.ipc.tls.stats.failed_crypto: 0
kern.ipc.tls.stats.corrupted_records: 0
kern.ipc.tls.stats.active: 0
kern.ipc.tls.stats.enable_calls: 0
kern.ipc.tls.stats.offload_total: 0
kern.ipc.tls.stats.sw_rx_inqueue: 0
kern.ipc.tls.stats.sw_tx_inqueue: 0
kern.ipc.tls.stats.sw_tx_pending: 0
kern.ipc.tls.stats.threads: 0

So I'm guessing the functions are already built in - in version 15 of FreeBSD (no need to load a .ko)?

I'm trying to understand how to continue from here with the information I can find.

To offload the CPU on the server, Apache httpd have the following directives:

EnableSendfile On
EnableMMAP On

# sysctl kern.ipc.tls.enable is giving me:

kern.ipc.tls.enable: 1

Do I need to make some changes to OpenSSL 3.5 in the system?

Thanks,