cloudflare / tls-tris

crypto/tls, now with 100% more 1.3. THE API IS NOT STABLE AND DOCUMENTATION IS NOT GUARANTEED.

Implement exporters for TLS 1.3 #176

Closed wbl closed 5 years ago

wbl commented 5 years ago

This implements exporters for TLS 1.3.

wbl commented 5 years ago

The tests are passing on my machine: I suspect Travis didn't pick up the commit, as the hash looks different, or maybe it's a Go version problem. I think, though, I'll want to rework the API to bring it closer to upstream.

Lekensteyn commented 5 years ago

The test-unit target is also failing on master. I'll have a look.

wbl commented 5 years ago

Tests are passing now. This feature would come for free if we updated our starting point to a more recent upstream.

Lekensteyn commented 5 years ago

What do you need this for? NTS?

I think it would be a good idea to not introduce an incompatible interface for the same functionality; upstream has ConnectionState.ExportKeyingMaterial: https://golang.org/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial

We really should redo changes on top of upstream at some point.

wbl commented 5 years ago

We need this for exported authenticators: https://datatracker.ietf.org/doc/draft-ietf-tls-exported-authenticator/. If we're going to redo on top of upstream, which will grab this automatically, I'll just close this PR.
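
An added example, not code from this PR or from tls-tris: the upstream ConnectionState.ExportKeyingMaterial call mentioned in the thread, exercised over an in-memory TLS 1.3 handshake to show that both endpoints derive the same exporter output. The self-signed certificate, the name example.test and the exporter label are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// handshakePair runs a TLS 1.3 handshake over an in-memory pipe with a constructed,
// throwaway self-signed cert; tickets are off so the server never blocks writing one.
func handshakePair() (cli, srv tls.ConnectionState, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return
	}
	leaf, _ := x509.ParseCertificate(der) // DER we just produced
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	cp, sp := net.Pipe()
	s := tls.Server(sp, &tls.Config{MinVersion: tls.VersionTLS13, SessionTicketsDisabled: true,
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}})
	c := tls.Client(cp, &tls.Config{MinVersion: tls.VersionTLS13, RootCAs: roots, ServerName: "example.test"})
	done := make(chan error, 1)
	go func() { done <- s.Handshake() }()
	if err = c.Handshake(); err == nil {
		err = <-done
	}
	return c.ConnectionState(), s.ConnectionState(), err
}

func main() {
	cli, srv, err := handshakePair()
	if err != nil {
		panic(err)
	}
	a, _ := cli.ExportKeyingMaterial("EXPERIMENTAL demo", []byte("ctx"), 32) // constructed label
	b, _ := srv.ExportKeyingMaterial("EXPERIMENTAL demo", []byte("ctx"), 32)
	println("both ends agree:", string(a) == string(b))
}
```

The output is bound to the label and context as well as the session, so a protocol layered on the exporter should use its own label rather than reuse another protocol's.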