On Mon, Jan 11, 2021 at 10:31:01PM +, Jeremy Harris wrote:
> On 11/01/2021 22:07, Benjamin Kaduk wrote:
> > > Looking at the implementation, SSL_export_keying_material() only
> > > functions for TLS 1.3 . This is not documented. Is this a bug?
> > Are you looking at
On 11/01/2021 22:07, Benjamin Kaduk wrote:
Looking at the implementation, SSL_export_keying_material() only
functions for TLS 1.3 . This is not documented. Is this a bug?
Are you looking at SSL_export_keying_material() or
SSL_export_keying_material_early()?
Doh. I was looking at the wrong
On Mon, Jan 11, 2021 at 09:26:30PM +, Jeremy Harris wrote:
> On 11/01/2021 08:20, Benjamin Kaduk wrote:
> > Current recommendations are not to use the finished message as the channel
> > binding but instead to define key exporter label for the given usage
> > (see
> >
On 11/01/2021 08:20, Benjamin Kaduk wrote:
Current recommendations are not to use the finished message as the channel
binding but instead to define key exporter label for the given usage
(see https://tools.ietf.org/html/rfc8446#section-7.5), using
SSL_export_keying_material().
Follow-on
On 11/01/2021 08:20, Benjamin Kaduk wrote:
What is the status of SSL_get_finidhed() / SSL_get_peer_finished() ?
I do not find them documented at
On Sun, Jan 10, 2021 at 02:44:38PM +, Jeremy Harris wrote:
> Hi,
>
> What is the status of SSL_get_finidhed() / SSL_get_peer_finished() ?
>
> I do not find them documented at
>
>
Hi,
What is the status of SSL_get_finidhed() / SSL_get_peer_finished() ?
I do not find them documented at
https://www.openssl.org/docs/manmaster/man3/
but they are exported by the library and seem to be required, for
application channel-binding.
--
Cheers,
Jeremy