Hi Patrick, Lukas
> Le 13 juin 2017 à 19:26, Lukas Tribus <[email protected]> a écrit : > > Hi Patrick, > > > Am 13.06.2017 um 01:31 schrieb Patrick Hemmer: >> >> >> On 2017/6/12 15:14, Lukas Tribus wrote: >>> Hello, >>> >>> >>> Am 12.06.2017 um 19:35 schrieb Patrick Hemmer: >>>> Would we be able to get a new sample which provides the SSL session >>>> master-key? >>>> This is so that when performing packet captures with ephemeral ciphers >>>> (DHE), we can decrypt the traffic in the capture. >>> There is no master key. What you need is the key for the symmetric >>> crypto, and you cannot extract it from haproxy currently. >>> >>> More importantly, OpenSSL implements this functionality only the master >>> branch (see [1] and [2]), none of the release branches actually have >>> this functionality. >>> So we need OpenSSL to release a new branch with this functionality >>> (1.1.1), we have to implement it in haproxy and then still it will only >>> work for <=TLSv1.2. >>> >>> TLSv1.3 will need additional secrets and a different key logging API [3]. >>> >>> >>> I suggest you use SSLKEYLOGFILE features in the browsers at this point, >>> as the functionality is far from being ready for any OpenSSL based >>> application. >>> >>> >>> Regards, >>> Lukas >>> >>> [1] >>> https://github.com/openssl/openssl/commit/2faa1b48fd6864f6bb8f992fd638378202fdd416 >>> [2] >>> https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_keylog_callback.html >>> [3] https://github.com/openssl/openssl/pull/2287 >>> >> >> Maybe there's some misunderstanding, because we seem to be talking >> about different things, as there definitely is a master key. >> >> I patched my haproxy to add a ssl_fc_session_key fetch, and with the >> value I was able to decrypt my test sessions encrypted with >> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. > > We are talking about the same thing, I just find the term "master key" > confusing, but I understand that is what everyone uses in this context. > > > >> >> Since the implementation was fairly easy, I've included a patch for >> it. But I've never submitted anything before, so there's a good chance >> of something being wrong. >> >> The only thing is that the function to do the extraction was added in >> 1.1.0 >> (https://github.com/openssl/openssl/commit/858618e7e037559b75b0bfca4d30440f9515b888 >> >> <https://github.com/openssl/openssl/commit/858618e7e037559b75b0bfca4d30440f9515b888>) > > Very nice, so the openssl features I mentioned are only necessary if we > need callback functions (which is not the case), so we can already do > this in 1.1.0. > > > Patch needs review, CC +Emeric +Emmanuel. > > Sounds good. SSL_SESSION_get_master_key also exist in boringssl, the #if should be: #if (OPENSSL_VERSION_NUMBER >= 0x10100000fL) || defined(OPENSSL_IS_BORINGSSL) Manu
