    Remove support for "tlssecrets" exporting · db1709dc
    Nick Mathewson authored
    Before we could rely on RFC5705 key material exporters,
    we did a fairly hinky thing involving the client random,
    the server random, and the master secret.  These fields
    are all opaque in sensible TLS libraries,
    and the master secret is quite sensitive.
    Therefore, we're removing them.
    
    Some code still refers to them, but it does so behind
    a `define(HAVE_WORKING_TOR_TLS_GET_TLSSECRETS)` check,
    which macro is now never defined.
    
    Part of #41020.
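
As an added illustration (not code from Tor or from this commit), the sketch below shows what a TLS 1.2 library computes internally for an RFC 5705 exporter with the SHA-256 PRF, which is why the application itself never needs to read the client random, server random, or master secret. The label, the sample secrets, and the function names are constructed for this example.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values; a real TLS library keeps these internal.
MASTER_SECRET = bytes(range(48))   # 48-byte TLS 1.2 master secret
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32
LABEL = b"EXPERIMENTAL example exporter"  # hypothetical, unregistered label


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash data expansion from RFC 5246 section 5, using HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(A(i) + seed)
    return out[:length]


def export_keying_material(master_secret: bytes, client_random: bytes,
                           server_random: bytes, label: bytes, length: int,
                           context: Optional[bytes] = None) -> bytes:
    """RFC 5705 section 4 exporter as defined for TLS 1.2 (not TLS 1.3).

    PRF(master_secret, label, client_random + server_random
        [+ context_length + context])[length]
    """
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context must fit a 16-bit length prefix")
        # An empty context still adds a two-byte zero length, so it is
        # deliberately distinct from passing no context at all.
        seed += len(context).to_bytes(2, "big") + context
    return p_sha256(master_secret, label + seed, length)


def sample_export(context: Optional[bytes] = None, length: int = 32) -> bytes:
    """Run the exporter over the constructed sample values above."""
    return export_keying_material(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM,
                                  LABEL, length, context)
```
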