eduardsui / tlse

Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library

Support for Scatter-gather input (iovec)

kiranns opened this issue

Previous comment:
Please enable the tls_write and tls_read calls to take in iovec structures. This would help avoid 1-copy (at least) into a flat buffer while sending large amounts, something that we need for our use-case. In addition, if you can avoid further copies of the data within the TLS layer for processing (for example, during encryption), that would be great.

Response:
I'm not sure if there is a real benefit, because tls_write takes a buffer that will be packed into a TLS record. The buffer is not copied nor stored, I'm not sure about the benefits here. Same goes for tls_get_write_buffer which provides access to the internal buffer (no copy). I think that maybe it would be trivial to store a list of iovec structures instead of the TLSe write buffer, but this will not be backwards compatible. But I also think you would be better off using TLSe + kTLS + splice/sendfile instead.

=====
Additional comments:

  1. kTLS is limited in its cipher suite support and does not work with all the ones we would like to explore.
  2. Even if TLS records are fixed size, those can be built to work with scatter-gather arrays (or iovec structures) to avoid copying user data (if that comes in iovec structures too) to flat buffers in order to create those records. Along the lines of this work: https://www.usenix.org/legacy/events/osdi99/full_papers/pai/pai.pdf

Feel free to fork and add this to TLSe. TLSe objectives are: secure, lightweight, portable.
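
The record-building idea from the second additional comment, as an added example that is not part of the thread and not TLSe code: a caller's iovec array is cut into record-sized groups of slices that point into the original memory, so no flat staging buffer is needed before encryption. `sg_cursor` and `sg_next_record` are hypothetical names; the 16384-byte limit is the TLS maximum record plaintext length, and the buffers in `main` are constructed sample input.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/uio.h>

#define TLS_MAX_PLAINTEXT 16384 /* 2^14: TLS record plaintext limit */

/* Hypothetical cursor (not a TLSe type): a position inside the caller's iovec array. */
struct sg_cursor {
    const struct iovec *iov;
    int iovcnt;
    int idx;    /* current segment */
    size_t off; /* bytes already consumed from iov[idx] */
};

/* Fill out[] with slices that reference (never copy) the caller's memory and cover
 * the next record's plaintext. Returns the slice count and sets *len; returns 0 when
 * the input is exhausted, or -1 (cursor untouched) if out[] is too small. */
int sg_next_record(struct sg_cursor *c, struct iovec *out, int outcnt, size_t *len)
{
    struct sg_cursor t = *c; /* work on a copy, commit only on success */
    size_t total = 0;
    int n = 0;
    while (t.idx < t.iovcnt && total < TLS_MAX_PLAINTEXT) {
        size_t avail = t.iov[t.idx].iov_len - t.off;
        size_t take = TLS_MAX_PLAINTEXT - total;
        if (take > avail) take = avail;
        if (take > 0) { /* empty segments produce no slice */
            if (n == outcnt) return -1;
            out[n].iov_base = (char *)t.iov[t.idx].iov_base + t.off;
            out[n].iov_len = take;
            n++; total += take; t.off += take;
        }
        if (t.off == t.iov[t.idx].iov_len) { t.idx++; t.off = 0; }
    }
    *c = t;
    *len = total;
    return n;
}

int main(void)
{
    static char hdr[5], body[20000], trl[3]; /* constructed sample input */
    struct iovec in[3] = { {hdr, 5}, {body, 20000}, {trl, 3} }, out[4];
    struct sg_cursor c = { in, 3, 0, 0 };
    size_t len;
    int n;
    while ((n = sg_next_record(&c, out, 4, &len)) > 0)
        printf("record: %zu bytes in %d slices\n", len, n);
    return 0;
}
```

Each returned group still has to be encrypted and framed; the copy is only avoided end to end if the cipher routine can consume the slices directly.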