expose tls-unique value

Posted by rogierschouten 
January 21, 2020 08:09AM
TLS connections have a unique identifier called the tls-unique value. This is the content of the last Finished message in the TLS handshake. I would like the tls-unique value to be exposed for SSL connections. So next to e.g. $ssl_client_escaped_cert, I would like to have a variable $ssl_tls_escaped_unique_value so that I can put it into a proxy header.

I suggest urlencoding the value.


Use case:

Implementing RFC-7030 EST requires knowledge of the TLS-unique value of the associated TLS connection. https://tools.ietf.org/html/rfc7030#section-3.5


I would like to implement this protocol behind an NGINX reverse proxy, and I want NGINX to do the TLS termination. Currently I cannot do that because while NGINX does expose the ssl client certificate, it does not yet expose the tls-unique value of the connection.
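An added example, not part of the original post and not nginx code: how an EST backend behind the proxy could use a forwarded tls-unique value for the RFC 7030 section 3.5 check, where the CSR's challengePassword must equal the base64 encoding of tls-unique. Assumptions: the header name `X-SSL-TLS-Unique` is hypothetical, the value arrives percent-encoded as the post suggests, and the challengePassword string has already been extracted from the CSR.

```python
import base64
import hmac
import re
from urllib.parse import unquote_to_bytes

# Hypothetical header name. The variable requested in the post does not exist
# in nginx, so this wiring is an assumption made for the example.
TLS_UNIQUE_HEADER = "x-ssl-tls-unique"
_URLENCODED = re.compile(r"(?:%[0-9A-Fa-f]{2}|[A-Za-z0-9._~-])+")


def decode_forwarded_tls_unique(headers):
    """Return the raw tls-unique bytes from proxy headers, or None if unusable.

    `headers` is a list of (name, value) pairs so duplicate headers stay visible.
    """
    values = [v for k, v in headers if k.lower() == TLS_UNIQUE_HEADER]
    # Fail closed on a missing header and on duplicates: a second copy means
    # the proxy did not overwrite a header supplied by the client.
    if len(values) != 1:
        return None
    value = values[0].strip()
    # Reject empty values and malformed percent-escapes instead of guessing.
    if not _URLENCODED.fullmatch(value):
        return None
    return unquote_to_bytes(value)


def pop_linked(headers, challenge_password):
    """True if challengePassword equals base64(tls-unique) for this connection."""
    tls_unique = decode_forwarded_tls_unique(headers)
    if tls_unique is None:
        return False
    expected = base64.b64encode(tls_unique)
    supplied = challenge_password.encode("ascii", "replace")
    # Constant-time comparison of the two encodings.
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    raw = bytes.fromhex("0123456789abcdef00112233")  # constructed sample value
    hdrs = [("X-SSL-TLS-Unique", "".join(f"%{b:02X}" for b in raw))]
    print(pop_linked(hdrs, base64.b64encode(raw).decode()))
```

The check is only meaningful if the proxy unconditionally sets this header on every request, so that a client-supplied copy never reaches the backend.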