Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS: save temporary server keys #2210

Open
RomanBelozerov opened this issue Aug 12, 2024 · 1 comment
Open

TLS: save temporary server keys #2210

RomanBelozerov opened this issue Aug 12, 2024 · 1 comment
Labels
enhancement TLS Tempesta TLS module and related issues
Milestone
1.0 - GA

Comments

@RomanBelozerov
Copy link
Contributor

In some cases, we need to decrypt TLS traffic and we don't have access to temporary client keys. So we should add directive for saving temporary server keys because TempestaFW uses PFS and we cannot decrypt traffic without them.

Documentation

Please, add info to Development-guidelines page.
@RomanBelozerov RomanBelozerov added enhancement TLS Tempesta TLS module and related issues labels Aug 12, 2024
@krizhanovsky
Copy link
Contributor

This could be not so easy to design. TLS handshakes happen in softirq, so we can not do any filesystem related operations there. Probably, we can use some virtual filesystem interfaces like /proc or store the keys in a shared memory and later on "some" event dump them.

@krizhanovsky krizhanovsky added this to the 0.9 - LA milestone Aug 12, 2024
@krizhanovsky krizhanovsky mentioned this issue Sep 23, 2024
Open
@krizhanovsky krizhanovsky modified the milestones: 0.9 - LA, 1.0 - GA Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement TLS Tempesta TLS module and related issues
Projects
None yet
Milestone
1.0 - GA
Development

No branches or pull requests
2 participants
@krizhanovsky @RomanBelozerov