diff --git a/openssl-sys/src/handwritten/ssl.rs b/openssl-sys/src/handwritten/ssl.rs
index cdcdea5881..0aa2835c08 100644
--- a/openssl-sys/src/handwritten/ssl.rs
+++ b/openssl-sys/src/handwritten/ssl.rs
@@ -674,6 +674,8 @@ extern "C" {
 num: size_t,
 written: *mut size_t,
 ) -> c_int;
+ #[cfg(ossl300)]
+ pub fn SSL_sendfile(ssl: *mut SSL, fd: c_int, offset: off_t, size: size_t, flags: c_int) -> ssize_t;
 #[cfg(any(ossl111, libressl340))]
 pub fn SSL_write_early_data(
 s: *mut SSL,
diff --git a/openssl-sys/src/ssl.rs b/openssl-sys/src/ssl.rs
index 52ea5b2135..9c405f7265 100644
--- a/openssl-sys/src/ssl.rs
+++ b/openssl-sys/src/ssl.rs
@@ -73,6 +73,8 @@ cfg_if! {
 }
 pub const SSL_OP_LEGACY_SERVER_CONNECT: ssl_op_type!() = 0x00000004;
+#[cfg(ossl300)]
+pub const SSL_OP_ENABLE_KTLS: ssl_op_type!() = 0x00000008;
 cfg_if! {
 if #[cfg(libressl261)] {
 pub const SSL_OP_TLSEXT_PADDING: ssl_op_type!() = 0x0;
@@ -169,6 +171,9 @@ cfg_if! {
 }
 }
+#[cfg(ossl320)]
+pub const SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE: ssl_op_type!() = 0x400000000;
+
 cfg_if! {
 if #[cfg(ossl300)] {
 pub const SSL_OP_ALL: ssl_op_type!() = SSL_OP_CRYPTOPRO_TLSEXT_BUG
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 2ff9dac1fd..51f39c24ea 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
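Review bot: The `offset: off_t` parameter of the new `SSL_sendfile` declaration (openssl-sys/src/handwritten/ssl.rs) takes its width from the Rust side, which may not match the width the linked OpenSSL was compiled with; on 32-bit targets a library built with 64-bit file offsets would presumably read the argument list differently from what Rust passes. Nothing in the hunk records that assumption or the call's precondition, so a comment above the declaration such as `// off_t must have the same width as in the linked libssl build; the call fails with -1 unless kernel TLS is active for sending` would help the next reader. The declaration is also a single line of over 100 columns, while the neighbouring functions list one parameter per line, so `cargo fmt` will reflow it. The enclosing `extern "C"` block starts and ends outside the hunk.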
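Review bot: The nine-digit literal `0x400000000` for `SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE` (third hunk, openssl-sys/src/ssl.rs) is easy to miscount, and a slipped zero would silently select a different option bit. The constants in the previous hunk use zero-padded eight-digit values, which this one cannot follow because it lies above bit 31; writing it as `0x4_0000_0000` or `1 << 34` makes the bit position visible. The value also relies on `ssl_op_type!()` expanding to a 64-bit type whenever `ossl320` is set; that macro is defined outside the hunk, so this is worth confirming.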
@@ -281,6 +281,26 @@ bitflags! {
 /// [`SslOptions::CIPHER_SERVER_PREFERENCE`]: struct.SslOptions.html#associatedconstant.CIPHER_SERVER_PREFERENCE
 #[cfg(ossl111)]
 const PRIORITIZE_CHACHA = ffi::SSL_OP_PRIORITIZE_CHACHA as SslOptionsRepr;
+
+ /// Enable the use of kernel TLS.
+ ///
+ /// In order to benefit from kernel TLS OpenSSL must have been compiled with support for it,
+ /// and it must be supported by the negotiated ciphersuites and extensions.
+ /// The specific ciphersuites and extensions that are supported may vary by platform and kernel version.
+ ///
+ /// Requires OpenSSL 3.0.0 or newer.
+ #[cfg(ossl300)]
+ const ENABLE_KTLS = ffi::SSL_OP_ENABLE_KTLS as SslOptionsRepr;
+
+ /// With this option, sendfile() will use the zerocopy mode, which gives a performance boost when used with KTLS hardware offload.
+ /// Note that invalid TLS records might be transmitted if the file is changed while being sent.
+ ///
+ /// Requires enable [`SslOptions::ENABLE_KTLS`].
+ /// Requires OpenSSL 3.2.0 or newer.
+ ///
+ /// [`SslOptions::ENABLE_KTLS`]: struct.SslOptions.html#associatedconstant.ENABLE_KTLS
+ #[cfg(ossl320)]
+ const ENABLE_KTLS_ZEROCOPY_SENDFILE = ffi::SSL_OP_ENABLE_KTLS_TX_ZEROCOPY_SENDFILE as SslOptionsRepr;
 }
 }
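Review bot: The doc comment on `ENABLE_KTLS_ZEROCOPY_SENDFILE` mentions that invalid TLS records may go out if the file changes during the send, but does not say that preventing this is the caller's responsibility. Suggested wording for that line: `/// The caller must ensure the file is not modified while it is being sent; otherwise invalid TLS records may be transmitted.` The line that begins "Requires enable" reads better as ``/// Requires [`SslOptions::ENABLE_KTLS`] to be set as well.`` The `ENABLE_KTLS` docs could also state that the flag is only a request, and that the connection keeps using userspace TLS when the build, kernel or negotiated cipher suite lacks support, so callers should not assume offload is active without checking. The `bitflags!` block begins outside the hunk.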