Re: Extracting decrypt key for AES from openssl on client side

> On Nov 15, 2018, at 9:30 AM, Short, Todd via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
> 
> I have seen this done for hardware acceleration; where the crypto chip can do everything except the handshake.
> (In fact, this mechanism protected at least one device that I know of from the Heartbleed debacle, since the hardware crypto did not understand the record type.)
> 
> Look at how the kernel handles TLS, and how the keys are extracted from OpenSSL:
> 
> https://github.com/torvalds/linux/blob/master/Documentation/networking/tls.txt
> https://github.com/openssl/openssl/pull/5253

Well, it takes more than just extracting a key.  One also needs to know
the cipher mode, and if not AEAD then the MAC algorithm and whether the
EtM extension has been negotiated, and with TLS 1.3 be prepared to
process keyUpdate messages, post handshake session tickets, ...

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
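
As an added illustration of the reply above (not code from the thread or from the OpenSSL project), this Python example asks the local OpenSSL build, through the standard `ssl` module, how it classifies a cipher suite, and derives what has to be handed over together with an extracted key. The function names, the result keys and the `ALL:@SECLEVEL=0` cipher string are choices made for this example.

```python
import ssl

def suite_table():
    """Map suite name -> OpenSSL's own description of it (via ssl.get_ciphers)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Assumption of this example: widen the list so that non-AEAD (CBC)
    # suites are present for comparison. Not a recommended configuration.
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    return {c["name"]: c for c in ctx.get_ciphers()}

def offload_requirements(name, table=None):
    """What an external record processor needs besides the key for `name`."""
    c = (table or suite_table())[name]
    return {
        # Cipher and mode, e.g. GCM versus CBC.
        "cipher": c["symmetric"],
        "aead": c["aead"],
        # Non-AEAD suites carry a separate MAC algorithm (and MAC key).
        "separate_mac": None if c["aead"] else c["digest"],
        # For non-AEAD suites the record layout depends on whether the
        # encrypt-then-MAC extension was negotiated. That fact lives in the
        # TLS stack's connection state; here we only flag that it matters.
        "check_encrypt_then_mac": not c["aead"],
        # TLS 1.3 keeps sending handshake-type records after the handshake
        # (KeyUpdate, session tickets), so keys can change mid-connection.
        "handle_post_handshake": c["protocol"] == "TLSv1.3",
    }

if __name__ == "__main__":
    table = suite_table()
    for suite in ("TLS_AES_128_GCM_SHA256",
                  "ECDHE-RSA-AES128-GCM-SHA256",
                  "ECDHE-RSA-AES128-SHA256"):
        if suite in table:  # depends on the local OpenSSL build
            print(suite, offload_requirements(suite, table))
```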


