TLS keying material exporters allow additional keying material to be derived from an existing TLS channel. This exported keying material can then be used for a variety of purposes.
- Changes in the patch are made on top of the crypto layer, and that's the reason why they should work for both crypto backends (openssl/polarssl).
- The TLS_FINAL plugin was called in key_method_2_read() before server_random was generated for the TLS server end-point, and that's the reason why it's called at 2 places now: key_method_2_read() for the server and key_method_2_write() for the client.

Use cases:
1) Authentication of upper layer (like Kerberos etc.)
2) Authentication of the VPN's TLS channel using a QR code and a device such as a smartphone. (Instead of a user/pass dialog, the TLS VPN client could show a QR code based on the Keying Material Derivate.)
openvpn-binding-key.patch
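
Added example, not part of the patch or of OpenVPN's code: the RFC 5705 exporter computation for a TLS 1.2 session using the SHA-256 PRF, showing that both endpoints derive the same keying material only once both hello randoms are known, which is the ordering issue the message describes for server_random. The label and session values are constructed for illustration, and modelling a missing server_random as zero bytes is an assumption.

```python
import hashlib
import hmac
import struct

# Constructed sample values, not taken from a real handshake.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\xc1" * 32
SERVER_RANDOM = b"\x5e" * 32
LABEL = b"EXPORTER-example-binding-key"  # hypothetical label


def p_sha256(secret, seed, length):
    """TLS 1.2 P_hash (RFC 5246 section 5) built on HMAC-SHA256."""
    out, a = b"", seed  # a starts as A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def export_keying_material(master_secret, client_random, server_random,
                           label, length, context=None):
    """RFC 5705 exporter: PRF(master_secret, label, randoms [+ context])."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("both hello randoms must be 32 bytes")
    seed = client_random + server_random
    if context is not None:
        # An empty context still contributes its 2-byte length, so it
        # yields different output than passing no context at all.
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, length)


def demo():
    """Return (client EKM, server EKM, EKM computed without server_random)."""
    client = export_keying_material(
        MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32)
    server = export_keying_material(
        MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM, LABEL, 32)
    # An endpoint that runs the exporter before server_random exists
    # (modelled here as 32 zero bytes) derives a value that cannot match.
    early = export_keying_material(
        MASTER_SECRET, CLIENT_RANDOM, bytes(32), LABEL, 32)
    return client, server, early


if __name__ == "__main__":
    c, s, e = demo()
    print("client:", c.hex())
    print("match: ", hmac.compare_digest(c, s))
    print("early matches:", hmac.compare_digest(c, e))
```

TLS 1.0 and 1.1 sessions use the older MD5/SHA-1 PRF, which this block does not cover.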