On Mon, Jan 11, 2021 at 10:31:01PM +0000, Jeremy Harris wrote:
> On 11/01/2021 22:07, Benjamin Kaduk wrote:
> > > Looking at the implementation, SSL_export_keying_material() only
> > > functions for TLS 1.3. This is not documented. Is this a bug?
> > Are you looking at SSL_export_keying_material() or SSL_export_keying_material_early()?
> 
> Doh. I was looking at the wrong routine; thanks.
> But, per below, now moot.
> 
> > If you need to interwork with other implementations/an existing protocol,
> > you have to stick with the Finished-based channel bindings; the exporter
> > interface is a new protocol mechanism and the whole protocol/ecosystem has
> > to be expecting to use it.
> 
> Right. So we have implementations out there using it; will the OpenSSL
> project consider promoting it to supported status so that it doesn't
> disappear in some future release?

I think you should treat them as if they are supported interfaces.
They're present in the list of "things that aren't documented but should be",
and do have some documentation-ish commentary in the public header file.
Any API change or removal would be against our support policy (and patches
to add man pages for them would also be welcome).

> > With TLS 1.2 and extended master secret this is not known to be broken (and
> > yes, that is a very carefully phrased statement).
> 
> Understood :) Like all crypto...

Yes ... though some we are more confident in than others :)

-Ben
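The exporter that SSL_export_keying_material() fronts, as an added worked example that is not part of the thread above or of OpenSSL's own code. It derives exported keying material the way RFC 5705 does for TLS 1.2 (PRF over master secret, label, nonces and optional length-prefixed context; the no-context and empty-context cases are deliberately distinct, which is what OpenSSL's use_context flag selects), shows why the extended master secret of RFC 7627 matters (the master secret, and so every exported key, becomes bound to the handshake transcript hash instead of just the two randoms), and derives the TLS 1.3 exporter of RFC 8446 section 7.5 via HKDF-Expand-Label for contrast. Neither construction has anything to do with the Finished message, which is why Finished-based channel bindings and exporter-based ones cannot be mixed across implementations, as Ben says. SHA-256 is assumed as the handshake hash; every secret, nonce and transcript value is a constructed sample, not real traffic.

```python
"""Added example: RFC 5705 (TLS 1.2) and RFC 8446 §7.5 (TLS 1.3) exporters.
All secrets, randoms and transcript hashes below are constructed sample bytes."""
import hashlib
import hmac
import struct

HASH = hashlib.sha256          # assumed handshake hash; HASH_LEN follows from it
HASH_LEN = HASH().digest_size


# ---- TLS 1.2: PRF (RFC 5246 §5), master secrets, RFC 5705 exporter ----

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash: A(i) = HMAC(secret, A(i-1)); emit HMAC(secret, A(i) + seed) blocks."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()
        out += hmac.new(secret, a + seed, HASH).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def tls12_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Classic master secret (RFC 5246 §8.1): bound only to the two nonces."""
    return tls12_prf(pms, b"master secret", client_random + server_random, 48)


def tls12_extended_master_secret(pms: bytes, session_hash: bytes) -> bytes:
    """Extended master secret (RFC 7627 §4): bound to the handshake transcript."""
    return tls12_prf(pms, b"extended master secret", session_hash, 48)


def tls12_exporter(master_secret: bytes, client_random: bytes, server_random: bytes,
                   label: bytes, length: int, context: bytes = None) -> bytes:
    """RFC 5705 §4. context=None (no context) and context=b"" (empty context) differ:
    the uint16 length prefix is only appended when a context is supplied at all."""
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context longer than uint16 length field allows")
        seed += struct.pack("!H", len(context)) + context
    return tls12_prf(master_secret, label, seed, length)


# ---- TLS 1.3: HKDF (RFC 5869) and the RFC 8446 §7.5 exporter ----

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, t, counter = b"", b"", 1
    while len(out) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        out += t
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """HkdfLabel = uint16 length || opaque("tls13 " + label) || opaque(context)."""
    full_label = b"tls13 " + label
    info = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)


def derive_secret(secret: bytes, label: bytes, messages: bytes) -> bytes:
    return hkdf_expand_label(secret, label, HASH(messages).digest(), HASH_LEN)


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS-Exporter(label, context, length) = HKDF-Expand-Label(
       Derive-Secret(exporter_master_secret, label, ""), "exporter", Hash(context), length)."""
    secret = derive_secret(exporter_master_secret, label, b"")
    return hkdf_expand_label(secret, b"exporter", HASH(context).digest(), length)


# ---- constructed demo values (not real handshake material) ----
PMS = bytes(range(48))
CLIENT_RANDOM, SERVER_RANDOM = b"\x11" * 32, b"\x22" * 32
SESSION_HASH = HASH(b"constructed handshake transcript").digest()
EXPORTER_MASTER_SECRET_13 = HASH(b"constructed tls13 exporter_master_secret").digest()
LABEL = b"EXPORTER-Example-Label"   # hypothetical label; real ones are IANA-registered


def demo() -> dict:
    """Derive 32-byte exported keys under each construction for side-by-side inspection."""
    ms = tls12_master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM)
    ems = tls12_extended_master_secret(PMS, SESSION_HASH)
    return {
        "tls12_no_ems":        tls12_exporter(ms, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32),
        "tls12_ems":           tls12_exporter(ems, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32),
        "tls12_ems_empty_ctx": tls12_exporter(ems, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32, b""),
        "tls13":               tls13_exporter(EXPORTER_MASTER_SECRET_13, LABEL, b"", 32),
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:22s} {key.hex()}")
```

In OpenSSL terms, tls12_exporter(..., context=None) is SSL_export_keying_material() called with use_context=0, and the TLS 1.3 branch is what the same call does on a 1.3 connection; SSL_export_keying_material_early() is the separate early_exporter_master_secret derivation that only exists in TLS 1.3, which is the routine the first message in the thread had actually been looking at.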