Open Bug 1927351 Opened 9 days ago Updated 8 days ago

SSLKEYLOG support for Encrypted Client Hello

Tracking

(Not tracked)

Status:

UNCONFIRMED

People

(Reporter: yaroslavros, Unassigned)

Details

Attachments

(1 file)

Bug 1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server. r=#nss-reviewers 9 days ago Yaroslav Rosomakho 48 bytes, text/x-phabricator-request		Details \| Review

Yaroslav Rosomakho

Reporter

Description

•

9 days ago

Steps to reproduce:

Using NSS based client or server with Encrypted Client Hello and generate SSLKEYLOG for diagnostics

Actual results:

SSLKEYLOGFILE contains entries prefixed with Random from Inner ClientHello, so it cannot be used for TLS sessions with Encrypted Client Hello.

Expected results:

NSS should generate ECH_CONFIG and ECH_SECRET SSLKEYLOG records according to draft-ietf-tls-ech-keylogfile.

I will be shortly submitting a patch to implement this capability.

Yaroslav Rosomakho

Reporter

Comment 1

•

9 days ago

Attached file Bug 1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server. r=#nss-reviewers — Details

You need to log in before you can comment on or make changes to this bug.

Bugzilla

SSLKEYLOG support for Encrypted Client Hello

Categories

(NSS :: Libraries, enhancement)

Tracking

(Not tracked)

People

(Reporter: yaroslavros, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Attachment

General

Description

File Name

Content Type