Hello group, >From what I can tell, it's currently not possible to consume CT information from Java reliably because there is no way to indicate support for the CT TLS extension [1] in the handshake as well as get the data sent back by a compatible server.
The work involved would be small, for example just grab the raw data and expose it via ExtendedSSLSession, in the same way stapled OCSP responses are currently handled. However, the improvements would be significant, as this change would enable Java applications to use CT if they so wish. Apologies as I am not familiar with how things are done; what's the process to make this happen? [1] https://datatracker.ietf.org/doc/html/rfc6962#section-3.3 -- Ivan
