[erlang-questions] SSL: Getting master_secret and client_random (or premaster_secret)

Kenneth Lakin <>
Wed Jan 11 22:06:38 CET 2017


On 01/11/2017 11:12 AM, Ingela Andin wrote:
> Of course, it is possible to provide such an API, although it
> seems to me that the use case is violating the concept of using
> TLS in the first place.

AFAICT, TLS protects the data in transit, provides data integrity
guarantees, and provides optional peer authentication. Maybe I'm
poorly-informed, but (because the peers have to perform the TLS
handshaking, encryption, and decryption) it seems that it is assumed
that the peers have access to the master secret, server/client random
and the like.

OpenSSL 1.1.0 appears to expose functions that provide the information
that Lipscomb is looking for:
<https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_client_random.html>

BoringSSL (Google's fork of OpenSSL that reportedly aims to be
conservative and sane) also exposes these functions:
<https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_get_client_random>
and
<https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_SESSION_get_master_key>

As to extracting the information of interest in the Erlang ssl library,
the two-argument variant of the ssl:connection_info function looks
promising.

As to implementation, it kinda looks like ssl:connection_info eventually
calls ssl_connection:connection_info. One could take a cue from the code
in ssl_connection:handle_call({prf ...) to extract the
security_parameters from the current connection state, extract
master_secret and client_random from security_parameters, and then add
them to the list that ssl_connection:connection_info returns. It looks
like ssl:connection_info/2 will filter out the things that weren't
requested and pass the rest on to the caller. The one-argument variant
returns {ConnectionProtocol, ConnectionCyphersuite}, regardless of
any additional information that the called function handed back to it.

It also looks like ssl_handshake has some exported premaster_secret
functions, but I'd need to do a bit of reading to figure out how to make
use of them.

