Implement proposal 244: RFC5705 for exporting key material in tls handshake
From the proposal: {{{ We use AUTHENTICATE cells to bind the connection-initiator's Tor identity to a TLS session. Our current type of authentication ("RSA-SHA256-TLSSecret", see tor-spec.txt section 4.4) does this by signing a document that includes an HMAC of client_random and server_random, using the TLS master secret as a secret key.
There is a more standard way to get at this information, by using the facility defined in RFC5705. Further, it is likely to continue to. work with more TLS libraries, including TLS libraries like OpenSSL 1.1 that make master secrets and session data opaque.
}}}
This is easy, and easily done as part of #15055 (moved)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information