Welcome! Log In Create A New Profile


expose tls-unique value

Posted by rogierschouten 
expose tls-unique value
January 21, 2020 08:09AM
TLS connections have a unique identifier called the tls-unique value. This is the content of the last Finished message in the TLS handshake. I would like the tls-unique value to be exposed for SSL connections. So next to e.g. $ssl_client_escaped_cert, I would like to have a variable $ssl_tls_escaped_unique_value so that I can put it into a proxy header.

I suggest urlencoding the value.

Use case:

Implementing RFC-7030 EST requires knowledge of the TLS-unique value of the associated TLS connection. https://tools.ietf.org/html/rfc7030#section-3.5

I would like to implement this protocol behind an NGINX reverse proxy, and I want NGINX to do the TLS termination. Currently I cannot do that because while NGINX does expose the ssl client certificate, it does not yet expose the tls-unique value of the connection.
Re: expose tls-unique value
July 14, 2023 08:08AM
I would also like this feature, for exactly the same reason.
Re: expose tls-unique value
July 18, 2023 08:29AM
Also note that tls-unique is to be Base64-encoded. Additional URL encoding should not be necessary.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 97
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready