mintls, maxtls, enclair, and cipher.

Richard Laager rlaager at wiktel.com
Sun Feb 3 16:56:26 UTC 2019


On 2/3/19 8:17 AM, Eric S. Raymond via devel wrote:
> Hal Murray <hmurray at megapathdsl.net>:
>> Please verify with a TLS wizard that you can do what you are describing with 
>> OpenSSL.  I've poked around a bit and don't know how to do that.
> 
> My plan is to brute-force the problem. Rather than trying to beat TLS into
> talking en clair, I'll make 'enclair' change the socket-fu so TLS never
> gets involved at all, the NTS-KE traffic goes over a bare socket.

This enclair option will only be useful for very early testing (and can
then be removed). You specifically need a TLS session for NTS-KE to
derive C2S and S2C. Specifically, you will be calling
SSL_export_keying_material() with values as described starting in
section 4.2. The NTS-KE client and server will run the same function on
the same TLS session with the same inputs, and each gets C2S and S2C.

The client will keep C2S/S2C in memory for the lifetime of the
association. The server will encrypt C2S/S2C into a cookie, which is
passed to the client and later echoed back, so the server is stateless.

-- 
Richard
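As an added illustration of the two points above (this is example code written for this page, not ntpsec's implementation), the following Python sketches both halves: the exporter call that gives client and server the same C2S/S2C from one TLS session, and the stateless-server cookie that seals those keys so the client can echo them back. The real code calls OpenSSL's SSL_export_keying_material(); here a constructed HMAC-based PRF stands in for the TLS exporter because a TLS session cannot be embedded in a stand-alone script. The exporter label and the 5-byte context layout (protocol ID, AEAD ID, then 0x00 for C2S / 0x01 for S2C) are taken from the published RFC 8915; the draft section 4.2 referenced above may use different values. The cookie format (nonce, HMAC-keystream encryption, truncated HMAC tag) is likewise a constructed encrypt-then-MAC demonstration of the idea, not the NTS cookie layout.

```python
import hashlib
import hmac
import os
import struct

# Values from the published RFC 8915 and the IANA AEAD registry (assumed to
# match what the draft section cited in the mail describes).
NTS_NEXT_PROTOCOL_NTPV4 = 0
AEAD_AES_SIV_CMAC_256 = 15
EXPORTER_LABEL = b"EXPORTER-network-time-security"  # RFC 8915 label


def exporter_context(protocol_id, aead_id, server_to_client):
    """Exporter context: protocol ID and AEAD ID as 16-bit big-endian,
    followed by 0x00 for C2S or 0x01 for S2C."""
    return struct.pack("!HHB", protocol_id, aead_id, 1 if server_to_client else 0)


def derive_nts_keys(exporter_secret, protocol_id, aead_id, key_len=32):
    """Stand-in for SSL_export_keying_material(). Both NTS-KE peers call the
    exporter with the same label/context on the same TLS session, so both
    obtain the same (C2S, S2C). The HMAC PRF here is a constructed substitute
    for the real TLS exporter; only the inputs mirror the protocol."""
    def export(context):
        msg = EXPORTER_LABEL + context + bytes([key_len])
        return hmac.new(exporter_secret, msg, hashlib.sha256).digest()[:key_len]
    c2s = export(exporter_context(protocol_id, aead_id, False))
    s2c = export(exporter_context(protocol_id, aead_id, True))
    return c2s, s2c


# --- Stateless server: seal C2S/S2C into a cookie the client echoes back ---
_NONCE_LEN = 16
_TAG_LEN = 16


def _subkeys(server_key):
    # Separate encryption and MAC keys derived from the server's master key.
    enc = hmac.new(server_key, b"cookie-enc", hashlib.sha256).digest()
    mac = hmac.new(server_key, b"cookie-mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    # Counter-mode keystream built from HMAC-SHA256 (constructed; not AES-SIV).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def make_cookie(server_key, aead_id, c2s, s2c, nonce=None):
    """Server side: encrypt (AEAD ID, C2S, S2C) under the server master key and
    authenticate the result. The server keeps no per-client state."""
    if len(c2s) != len(s2c):
        raise ValueError("C2S and S2C must have the same length")
    enc_key, mac_key = _subkeys(server_key)
    nonce = os.urandom(_NONCE_LEN) if nonce is None else nonce
    plaintext = struct.pack("!H", aead_id) + c2s + s2c
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:_TAG_LEN]
    return nonce + ct + tag


def open_cookie(server_key, cookie):
    """Server side, later: verify the echoed cookie and recover (aead_id, C2S, S2C).
    Returns None on any length or tag failure, so a forged or corrupted cookie
    never yields keys."""
    if len(cookie) < _NONCE_LEN + 2 + _TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(server_key)
    nonce, ct, tag = cookie[:_NONCE_LEN], cookie[_NONCE_LEN:-_TAG_LEN], cookie[-_TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:_TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    pt = bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))
    (aead_id,) = struct.unpack("!H", pt[:2])
    keys = pt[2:]
    if len(keys) % 2:
        return None
    half = len(keys) // 2
    return aead_id, keys[:half], keys[half:]


if __name__ == "__main__":
    # Constructed sample: a shared exporter secret as both TLS peers would hold.
    shared_secret = b"\x5a" * 32
    client_keys = derive_nts_keys(shared_secret, NTS_NEXT_PROTOCOL_NTPV4, AEAD_AES_SIV_CMAC_256)
    server_keys = derive_nts_keys(shared_secret, NTS_NEXT_PROTOCOL_NTPV4, AEAD_AES_SIV_CMAC_256)
    assert client_keys == server_keys
    server_master = b"\x11" * 32  # server-only secret, never sent to the client
    cookie = make_cookie(server_master, AEAD_AES_SIV_CMAC_256, *server_keys)
    print("cookie bytes:", len(cookie), "recovered:", open_cookie(server_master, cookie) == (15,) + server_keys)
```

The client holds C2S/S2C in memory and treats the cookie as opaque; the server needs only its master key to recover the keys from whatever cookie comes back, and any modification to the cookie fails the tag check before decryption.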

