Feature #7970
opentls: Log elliptic curve ID
Description
Feature request to support logging the value of the chosen elliptic curve (when used) in TLS event logs. It would be OK for this to be enabled by extended logging.
When elliptic curve protocols are used for key exchange, the chosen curve ID will appear in either the server key exchange message (TLS 1.2) or the key_share extension of the client hello (TLS 1.3). For security monitoring use cases it would be useful to support logging this value in TLS event logs.
Updated by Jamie Lavigne 21 days ago
Additionally we expect the usage of post-quantum TLS to continue to increase over time, so we should maybe think ahead to support those key exchange methods too. The equivalent for these would probably be to support logging the Kyber parameter set name like Kyber512 or Kyber1024. If we supported logging both the key exchange method and the selected parameters (the curve ID for EC-based methods and the parameter set for Kyber) then both cases would be covered.
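As an added example (not the project's own code and not from the reporter), the parsing a TLS logger needs for the two locations the description names: the named_curve field of a TLS 1.2 ECDHE ServerKeyExchange and the key_share extension of TLS 1.3 hellos. The byte strings are constructed samples; the group-name table covers a few IANA values and reports anything else, such as the post-quantum or hybrid code points the comment anticipates, as an unknown numeric ID rather than dropping it.

```python
# Added example, not the project's code. Extracts the negotiated named group
# (curve ID) from the two messages the feature request points at.
import struct

# Subset of the IANA TLS Supported Groups registry; others are logged by number.
NAMED_GROUPS = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1",
                29: "x25519", 30: "x448"}

def group_name(gid):
    """Name for logging; unknown (e.g. new PQ/hybrid) IDs stay visible."""
    return NAMED_GROUPS.get(gid, "unknown(0x%04x)" % gid)

def parse_tls12_ecdhe_ske(params):
    """TLS 1.2 ECDHE ServerKeyExchange params (RFC 8422 s5.4): curve_type,
    then a 2-byte named_curve when curve_type == 3. Returns the group ID."""
    if len(params) < 3:
        raise ValueError("truncated ECParameters")
    if params[0] != 3:
        raise ValueError("unsupported curve_type %d" % params[0])
    return struct.unpack("!H", params[1:3])[0]

def parse_key_share(ext_body, from_server):
    """TLS 1.3 key_share body (RFC 8446 s4.2.8): ServerHello carries one
    KeyShareEntry, ClientHello a 2-byte length-prefixed list. Returns IDs."""
    if from_server:
        body = ext_body
    else:
        if len(ext_body) < 2:
            raise ValueError("truncated key_share")
        n = struct.unpack("!H", ext_body[:2])[0]
        body = ext_body[2:2 + n]
    groups, off = [], 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated KeyShareEntry")
        gid, klen = struct.unpack("!HH", body[off:off + 4])
        groups.append(gid)
        off += 4 + klen  # skip the opaque key_exchange bytes
    return groups

def kx_log_fields(gid):
    """Fields a TLS event logger could emit for the selected group."""
    return {"kx_group_id": gid, "kx_group": group_name(gid)}

# Constructed samples: SKE selecting secp256r1 with a dummy 65-byte point;
# ClientHello offering x25519 then secp256r1; ServerHello choosing x25519.
SAMPLE_SKE = b"\x03\x00\x17\x41" + b"\x04" + b"\x00" * 64
SAMPLE_CH_KEY_SHARE = (b"\x00\x69" + b"\x00\x1d\x00\x20" + b"\x11" * 32
                       + b"\x00\x17\x00\x41" + b"\x04" + b"\x22" * 64)
SAMPLE_SH_KEY_SHARE = b"\x00\x1d\x00\x20" + b"\x33" * 32
```

For a ClientHello the list gives the offered shares; the value worth logging as the chosen curve is the single entry from the ServerHello (or the ServerKeyExchange for TLS 1.2).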