Overview

File 0139-TLS-secrets-require-the-keep_secrets-option-for-TLS-.patch of Package erlang

From 342b0ddaf18dbf01f409ffd135c21be307ccc398 Mon Sep 17 00:00:00 2001
From: Luke Bakken <luke@bakken.io>
Date: Thu, 15 Apr 2021 16:05:20 -0700
Subject: [PATCH] TLS secrets require the keep_secrets option for TLS 1.3

See issue #4738

cc @garazdawi
---
 lib/ssl/doc/src/ssl.xml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/ssl/doc/src/ssl.xml b/lib/ssl/doc/src/ssl.xml
index 22c49db4bb..3a0a6bd083 100644
--- a/lib/ssl/doc/src/ssl.xml
+++ b/lib/ssl/doc/src/ssl.xml
@@ -1599,6 +1599,10 @@ fun(srp, Username :: binary(), UserState :: term()) ->
       that affect the security of connection. Meaningful atoms, not specified
       above, are the ssl option names.</p>
 
+      <p>In order to retrieve keylog and other secret information from a TLS 1.3
+      connection, <seetype marker="#keep_secrets">keep_secrets</seetype> must be
+      configured in advance and set to <c>true</c>.</p>
+
       <note><p>If only undefined options are requested the
       resulting list can be empty.</p></note>
       </desc>
-- 
2.26.2
openSUSE Build Service is sponsored by
Places