[erlang-questions] SSL: Getting master_secret and client_random (or premaster_secret)

Roger Lipscombe roger@REDACTED
Fri Jan 13 11:43:45 CET 2017


On 13 January 2017 at 09:39, Ingela Andin <ingela.andin@REDACTED> wrote:
> Well our reasoning at the moment is that we could add a debug possibility,
> that would let connection_information
> return client/server/master_secret values for connections started in debug
> mode. Just like you can configure a connection to run anonymous cipher
> suites for test and debugging purposes. However, we would
> not want connection_information to return these values by default. Even if
> you conceptually can get at the information by hacking we do not want to
> make it easy to do bad things to security by "accident" or
> otherwise.

Sure. There's precedent for that: process_info/1 doesn't return
everything that you can ask for in process_info/2, no?

I'm not sure how this would do bad things to security. The server's
already seeing the plaintext, otherwise it couldn't do its job. Could
you explain your concerns further?


