"tls@ietf.org" <tls@ietf.org>
Subject: Re: [TLS] TLS interception technologies that can be used with TLS 1.3
IIUC not quite. There is an API, so the application that uses the library can
get the keys. The application can then save it to
> From: Yoav Nir <ynir.i...@gmail.com>
> Date: Thursday, March 15, 2018 at 6:41 PM
> To: Richard Barnes <r...@ipv.sx>
> Cc: Rich Salz <rs...@akamai.com>, Hubert Kario <hka...@redhat.com>, "tls@ietf.org" <tls@ietf.org>
> Subject: Re: [TLS] TLS interception technologies that can be used with TLS 1.3
From: Hubert Kario <hka...@redhat.com>
Date: Thursday, March 15, 2018 at 7:38 AM
To: <tls@ietf.org>
Subject: Re: [TLS] TLS interception technologies that can be used with TLS 1.3
On Thursday, 15 March 2018 05:51:31 CET Yoav Nir wrote:
> At the risk of stating the obvious, it’s because server
This is what OpenSSL provides:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_get_keylog_callback.html
___
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
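The OpenSSL callback linked above hands the application one text line per secret, already in the NSS key log format that SSLKEYLOGFILE-style tooling reads; the callback itself is `void cb(const SSL *ssl, const char *line)`, installed with `SSL_CTX_set_keylog_callback`, and the application decides where the line goes. The following is an added example in Python, not code from the thread or from OpenSSL, showing what such an application writes out and what a passive decryptor then has to find in the file. The sample lines are constructed, the function names are my own, and the one assumption is the NSS key log format (label, 32-byte client random in hex, secret in hex). The point it makes for TLS 1.3 is that a single CLIENT_RANDOM line no longer suffices: a session is only fully decryptable once both generation-0 application traffic secrets have been logged.

```python
"""Writer/reader for the NSS key log format (added illustration, not OpenSSL
or mailing-list code).  OpenSSL's SSL_CTX_set_keylog_callback(ctx, cb) calls
cb(ssl, line) once per secret with `line` already in this format; the
application decides where it goes.  Sample lines below are constructed."""
import re
from collections import defaultdict

# TLS 1.2 and earlier: one line carrying the 48-byte master secret.
TLS12_LABELS = {"CLIENT_RANDOM"}
# TLS 1.3: separate secrets per direction and phase, each as long as the
# ciphersuite hash (32 bytes for SHA-256 suites, 48 for SHA-384).
TLS13_LABELS = {"CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
                "SERVER_HANDSHAKE_TRAFFIC_SECRET", "EXPORTER_SECRET",
                "EARLY_EXPORTER_SECRET"}
# Application traffic secrets carry a generation counter: _0 at handshake
# completion, higher after KeyUpdate (RFC 8446 derives N+1 from N via HKDF).
_TRAFFIC = re.compile(r"^(CLIENT|SERVER)_TRAFFIC_SECRET_(\d+)$")
_HEX = re.compile(r"^[0-9a-fA-F]+$")


def _known_label(label: str) -> bool:
    return label in TLS12_LABELS or label in TLS13_LABELS or bool(_TRAFFIC.match(label))


def format_keylog_line(label: str, client_random: bytes, secret: bytes) -> str:
    """Build one key log line: <label> <client_random hex> <secret hex>."""
    if not _known_label(label):
        raise ValueError(f"unknown label {label!r}")
    if len(client_random) != 32:
        raise ValueError("client random must be 32 bytes")
    return f"{label} {client_random.hex()} {secret.hex()}"


def parse_keylog(text: str) -> dict:
    """Index logged secrets by client random: {cr_hex: {label: secret_bytes}}.
    Comment/blank lines are skipped; a malformed line raises instead of being
    dropped, since a decryptor fed bad material fails later and confusingly."""
    secrets = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 3 fields, got {len(parts)}")
        label, cr_hex, secret_hex = parts
        if not _known_label(label):
            raise ValueError(f"line {lineno}: unknown label {label}")
        if len(cr_hex) != 64 or not _HEX.match(cr_hex):
            raise ValueError(f"line {lineno}: client random must be 64 hex chars")
        if len(secret_hex) % 2 or not _HEX.match(secret_hex):
            raise ValueError(f"line {lineno}: secret is not valid hex")
        secret = bytes.fromhex(secret_hex)
        if label == "CLIENT_RANDOM" and len(secret) != 48:
            raise ValueError(f"line {lineno}: master secret must be 48 bytes")
        if label != "CLIENT_RANDOM" and len(secret) not in (32, 48):
            raise ValueError(f"line {lineno}: TLS 1.3 secret must be 32 or 48 bytes")
        secrets[cr_hex.lower()][label] = secret
    return dict(secrets)


def classify(secrets: dict) -> dict:
    """Per connection, what a passive decryptor can do with the logged material:
    tls12 (whole session), tls13-application (both generation-0 app secrets),
    tls13-handshake-only (handshake readable, app data not), or incomplete."""
    out = {}
    for cr, labels in secrets.items():
        if "CLIENT_RANDOM" in labels:
            out[cr] = "tls12"
        elif {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= set(labels):
            out[cr] = "tls13-application"
        elif {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET"} <= set(labels):
            out[cr] = "tls13-handshake-only"
        else:
            out[cr] = "incomplete"
    return out


# Constructed sample: a TLS 1.2 session, a complete TLS 1.3 session (SHA-256
# suite) and a TLS 1.3 session where only handshake secrets were logged
# (SHA-384 suite).  Client randoms are repeated bytes purely for legibility.
SAMPLE_LOG = "\n".join([
    "# constructed sample, not a real capture",
    format_keylog_line("CLIENT_RANDOM", b"\x11" * 32, b"\xaa" * 48),
    format_keylog_line("CLIENT_HANDSHAKE_TRAFFIC_SECRET", b"\x22" * 32, b"\x01" * 32),
    format_keylog_line("SERVER_HANDSHAKE_TRAFFIC_SECRET", b"\x22" * 32, b"\x02" * 32),
    format_keylog_line("CLIENT_TRAFFIC_SECRET_0", b"\x22" * 32, b"\x03" * 32),
    format_keylog_line("SERVER_TRAFFIC_SECRET_0", b"\x22" * 32, b"\x04" * 32),
    format_keylog_line("EXPORTER_SECRET", b"\x22" * 32, b"\x05" * 32),
    format_keylog_line("CLIENT_HANDSHAKE_TRAFFIC_SECRET", b"\x33" * 32, b"\x06" * 48),
    format_keylog_line("SERVER_HANDSHAKE_TRAFFIC_SECRET", b"\x33" * 32, b"\x07" * 48),
])

if __name__ == "__main__":
    for cr, verdict in classify(parse_keylog(SAMPLE_LOG)).items():
        print(cr[:8], verdict)
```

Run it and the three constructed connections classify as tls12, tls13-application and tls13-handshake-only. The strict validation in parse_keylog is deliberate: a key log file is a secret-bearing artifact that is usually appended to by many processes, and a truncated or mis-encoded line is better caught at ingestion than at decryption time.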
So what’s the flag in openssl.conf that makes it generate a file with all the
keys? There isn’t one. I guess the presumption is that if there was an RFC it
would be easier to get the powers that be to make it happen. It likely needs to
be in the main branch to be ubiquitous, because many

On Thursday, 15 March 2018 05:51:31 CET Yoav Nir wrote:
At the risk of stating the obvious, it’s because server owners want to use the
same OpenSSL, NSS, SChannel, or whatever you call the Java library that
everybody else uses. They’re all widely used, actively maintained, and
essentially free.
None of these libraries support any of this.

One can either use a static DH share, save the ephemerals on the
servers and export them, or log all the data on the servers.
These options don't require any change to the wire protocol: they just
require vendors supporting them. Why don't they meet the needs cited?
Sincerely,
Watson