TLS get keys and randoms #59276
Comments
I am developing a RADIUS server in 3.2 for WiFi authentication. The EAP-TLS or PEAP auths require a TLS tunnel AND getting the master key and the client hello and server hello randoms to generate the MSK, the key to encrypt between the WiFi user and the WiFi access point. The most necessary is the master key; the randoms are possible to extract with "man in the middle". Please patch ssl.
Please elaborate on what you are asking for, and try to make yourself understandable.
Daniel: Antoine is absolutely right. About the only way this can happen is if *you* contribute the code. Even if you would make clear what you want (what is a "master key" and the "hello randoms"?), it is likely that still nobody else needs that feature. So without code from you, it will likely not happen.
OK. I will try to do the patch!
This function solves the problem: "SSL_tls1_key_exporter" http://comments.gmane.org/gmane.comp.encryption.openssl.user/42015 It is included in the development version of OpenSSL 1.0.1 in CVS. What is the correct way to implement it in the Python binding?
Ok, so it seems the functionality is described in http://tools.ietf.org/html/rfc5705. If I understand correctly, it takes an ASCII label string, an optional context bytestring, and the length of the desired derived key. It then returns a bytestring of the given length, shared between client and server. The low-level implementation of the ssl module is in Modules/_ssl.c. We probably want to add a method to PySSLSocket_Type there. Then in Lib/ssl.py there'll have to be a SSLSocket method to call the former method. Tests should go in Lib/test/test_ssl.py.
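The exporter discussed in this thread, written out as an added example (not code from the issue, from CPython, or from OpenSSL): a pure-Python RFC 5705 exporter and the EAP-TLS MSK/EMSK split. It assumes TLS 1.2 with a SHA-256 PRF cipher suite; the function names are hypothetical, the label `client EAP encryption` and the 64/64 split come from RFC 5216, and the secret and randoms are constructed sample values.

```python
import hashlib
import hmac
import struct

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed                                   # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def export_keying_material(master_secret, client_random, server_random,
                           label, length, context=None):
    """RFC 5705 exporter: PRF(master_secret, label, randoms [+ len + context])."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS hello randoms are exactly 32 bytes")
    seed = client_random + server_random
    if context is not None:
        # An empty context still contributes its 2-byte length, so
        # context=b"" and context=None yield different keys.
        if len(context) > 0xFFFF:
            raise ValueError("context too long")
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, length)

def eap_tls_keys(master_secret, client_random, server_random):
    """Return (MSK, EMSK): 128 exported bytes split 64/64 per RFC 5216."""
    km = export_keying_material(master_secret, client_random, server_random,
                                b"client EAP encryption", 128)
    return km[:64], km[64:]

# Constructed sample inputs, not taken from a real handshake.
SAMPLE_MASTER = bytes(range(48))      # a TLS master secret is 48 bytes
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32

if __name__ == "__main__":
    msk, emsk = eap_tls_keys(SAMPLE_MASTER, SAMPLE_CLIENT_RANDOM,
                             SAMPLE_SERVER_RANDOM)
    print("MSK :", msk.hex())
    print("EMSK:", emsk.hex())
```

Both peers run the same derivation, so the RADIUS server needs only the exporter output, not the raw master secret, which is why an exporter call is a narrower interface than exposing the master key itself.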
This request is an advanced use case. I'd rather keep the Python _ssl module simple and suggest PyOpenSSL + PyCA/cryptography for advanced features.
To follow this ticket
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.