On 11/01/2021 22:07, Benjamin Kaduk wrote:
>> Looking at the implementation, SSL_export_keying_material() only
>> functions for TLS 1.3. This is not documented. Is this a bug?
>
> Are you looking at SSL_export_keying_material() or SSL_export_keying_material_early()?

Doh. I was looking at the wrong routine; thanks.
But, per below, now moot.

> If you need to interwork with other implementations/an existing protocol,
> you have to stick with the Finished-based channel bindings; the exporter
> interface is a new protocol mechanism and the whole protocol/ecosystem has
> to be expecting to use it.

Right. So we have implementations out there using it; will the OpenSSL
project consider promoting it to supported status so that it doesn't
disappear in some future release?

> With TLS 1.2 and extended master secret this is not known to be broken (and
> yes, that is a very carefully phrased statement).

Understood :) Like all crypto...
--
Cheers,
Jeremy