From Tim Polk:
OLD
This document describes an optional configuration for TLS servers
that allows for the use of a static (EC) Diffie-Hellman private key
for all TLS connections made to the server. Passive monitoring of
TLS connections can be enabled by installing a corresponding copy of
this key in each authorized monitoring device.

NEW
This document describes an optional configuration for TLS servers
that is compatible with the TLS 1.3 ephemeral ciphersuites without
precluding enterprise network monitoring. This configuration
allows for the use of a static (EC) Diffie-Hellman private key
for all TLS connections made to the server. Passive monitoring of
TLS connections can be enabled by installing a corresponding copy of
this key in each authorized monitoring