Many HTTPS browsers support dumping keys for TLS sessions to a text file to 
allow analysis tools to decrypt captured TLS sessions. This is an extremely 
useful debugging tool for working with services that only expose encrypted 
interfaces. This support exists in Firefox and Chrome: in Firefox’s case using 
NSS, and in Chrome’s case using their BoringSSL fork of OpenSSL. Both tools 
dump the keys in the same format, defined here[0].

As a developer of an HTTP(S) library that uses OpenSSL directly for TLS, I would 
like to support the same ad hoc standard for dumping TLS session keys. However, 
as far as I’m aware OpenSSL has no support for accessing those keys. It would 
be extremely helpful if OpenSSL added this support.

A possible starting point for this work would be a series of patches applied by 
David Benjamin to BoringSSL. The first of these can be found here[1], though 
the eventual interface for this changed to use a callback, and it would 
probably be better to mimic that interface than to use the BIO-based one shown 
in this specific patch.

Is there any interest in adding this support to OpenSSL?

Cory

[0]: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
[1]: https://boringssl.googlesource.com/boringssl/+/859ec3cc09f244348f3c919693817acb01064535%5E%21/
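The key log format the message points to in [0], as an added example that is not part of the original message or of OpenSSL, NSS or BoringSSL: a small Python writer and validator for that format, with a hypothetical KeyLogSink class standing in for the callback-style hook the message prefers over the BIO-based one. All key material below is constructed sample data, and the label list and field lengths follow the NSS key log format description.

```python
"""Writer and validator for the NSS key log format (the SSLKEYLOGFILE format).

Added example, not code from the original message or from OpenSSL, NSS or
BoringSSL. It shows what a TLS library's key-log hook has to emit for tools
that read the NSS format, and checks lines before they are handed to such a
tool. All key material below is constructed sample data.
"""
import re

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

# Label -> allowed secret length in bytes. CLIENT_RANDOM carries the 48-byte
# master secret (TLS 1.2 and earlier); the TLS 1.3 labels carry a secret the
# size of the cipher suite hash (32 bytes for SHA-256, 48 for SHA-384).
SECRET_LENGTHS = {
    "CLIENT_RANDOM": {48},
    "CLIENT_EARLY_TRAFFIC_SECRET": {32, 48},
    "EARLY_EXPORTER_SECRET": {32, 48},
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": {32, 48},
    "CLIENT_TRAFFIC_SECRET_0": {32, 48},
    "SERVER_TRAFFIC_SECRET_0": {32, 48},
    "EXPORTER_SECRET": {32, 48},
}


def _field(value, name, allowed_lengths):
    """Decode one hex field and enforce its byte length."""
    if not HEX_RE.match(value) or len(value) % 2:
        raise ValueError(f"{name} is not an even-length hex string")
    raw = bytes.fromhex(value)
    if len(raw) not in allowed_lengths:
        raise ValueError(f"{name} is {len(raw)} bytes, expected one of {sorted(allowed_lengths)}")
    return raw


def parse_keylog_line(line):
    """Return (label, identifier, secret) for one line, or raise ValueError.

    A line is '<Label> <ClientRandom> <Secret>', all hex. The legacy 'RSA'
    label uses the first 8 bytes of the encrypted pre-master secret as the
    identifier and the 48-byte pre-master secret as the secret.
    """
    parts = line.strip().split(" ")
    if len(parts) != 3:
        raise ValueError("expected exactly three space-separated fields")
    label, ident, secret = parts
    if label == "RSA":
        return label, _field(ident, "encrypted pre-master prefix", {8}), _field(secret, "pre-master secret", {48})
    if label not in SECRET_LENGTHS:
        raise ValueError(f"unknown label {label!r}")
    return label, _field(ident, "ClientRandom", {32}), _field(secret, "secret", SECRET_LENGTHS[label])


def format_keylog_line(label, identifier, secret):
    """Build one line as a key-log hook would emit it, validating it on the way out."""
    line = f"{label} {identifier.hex()} {secret.hex()}"
    parse_keylog_line(line)  # round-trip check: reject bad lengths before they reach the file
    return line


def is_valid_keylog_line(line):
    try:
        parse_keylog_line(line)
        return True
    except ValueError:
        return False


class KeyLogSink:
    """Hypothetical callback-style hook: the library calls log() once per secret.

    A real implementation would append to the file named by SSLKEYLOGFILE with
    restrictive permissions, since anyone who can read it can decrypt the sessions.
    """
    def __init__(self):
        self.lines = []

    def log(self, label, identifier, secret):
        self.lines.append(format_keylog_line(label, identifier, secret))


def validate_keylog(text):
    """Check a whole file; return (accepted lines, [(line number, error)])."""
    accepted, errors = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.startswith("#"):  # blanks and '#' comments are skipped
            continue
        try:
            parse_keylog_line(line)
            accepted.append(line)
        except ValueError as exc:
            errors.append((number, str(exc)))
    return accepted, errors


# Constructed sample log: two well-formed lines and two malformed ones.
_sink = KeyLogSink()
_sink.log("CLIENT_RANDOM", bytes(range(32)), bytes(range(48)))
_sink.log("SERVER_HANDSHAKE_TRAFFIC_SECRET", bytes(32), bytes(range(48)))
SAMPLE_LOG = "\n".join([
    "# constructed sample, not from a real session",
    *_sink.lines,
    "CLIENT_RANDOM 00112233 deadbeef",                  # field lengths wrong
    "SOMETHING_ELSE " + "00" * 32 + " " + "11" * 48,   # unknown label
])

if __name__ == "__main__":
    ok, bad = validate_keylog(SAMPLE_LOG)
    print(f"{len(ok)} valid line(s), {len(bad)} rejected")
    for number, why in bad:
        print(f"  line {number}: {why}")
```

The validator is strict on purpose: an analysis tool silently ignoring a mis-sized secret is the failure mode a developer adding key logging to a library is most likely to hit, so rejecting the line at write time, in format_keylog_line, surfaces the bug in the library rather than in the capture tool.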
