Feature #7970
open
tls: Log elliptic curve ID
Added by Jamie Lavigne about 14 hours ago.
Updated about 14 hours ago.
Description
Feature request to support logging the value of the chosen elliptic curve (when used) in TLS event logs. It would be OK for this to be enabled by extended logging.
When elliptic curve protocols are used for key exchange, the chosen curve ID will appear in either the server key exchange message (TLS 1.2) or the key_share extension of the client hello (TLS 1.3). For security monitoring use cases it would be useful to support logging this value in TLS event logs.
Searchable keyword: protolog
Additionally we expect the usage of post-quantum TLS to continue to increase over time, so we should maybe think ahead to support those key exchange methods too. The equivalent for these would probably be to support logging the Kyber parameter set name like Kyber512 or Kyber1024. If we supported logging both the key exchange method and the selected parameters (the curve ID for EC based methods and the parameter set for Kyber) then both cases would be covered.
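As an added illustration of where the two values the request asks for sit in the handshake, the following Python is example code written for this page, not Suricata code. It pulls the group ID out of a TLS 1.2 ECDHE ServerKeyExchange (the named_curve field of ECParameters) and out of a TLS 1.3 ServerHello key_share extension (which carries the single group the server selected; the ClientHello key_share lists the client's offers), and maps it through the IANA "TLS Supported Groups" code points, including the registered ML-KEM/Kyber hybrid values. The sample messages are constructed inline, the signature in the ServerKeyExchange is a placeholder, and the log field names `kex_group` / `kex_group_id` are hypothetical, not existing Suricata fields.

```python
# Added example (not Suricata code): extract the negotiated key-exchange group
# from TLS handshake messages so it could be emitted in a TLS event log record.
# Code points are IANA "TLS Supported Groups" values.

NAMED_GROUPS = {
    0x0017: "secp256r1",
    0x0018: "secp384r1",
    0x0019: "secp521r1",
    0x001D: "x25519",
    0x001E: "x448",
    0x11EB: "SecP256r1MLKEM768",      # hybrid PQ (ML-KEM, formerly Kyber)
    0x11EC: "X25519MLKEM768",         # hybrid PQ (ML-KEM, formerly Kyber)
    0x6399: "X25519Kyber768Draft00",  # earlier Kyber draft hybrid
}

HS_SERVER_HELLO = 0x02
HS_SERVER_KEY_EXCHANGE = 0x0C
EXT_KEY_SHARE = 0x0033
CURVE_TYPE_NAMED_CURVE = 0x03


def group_name(group_id):
    """Name for a group ID; unknown IDs are still logged numerically."""
    return NAMED_GROUPS.get(group_id, "unknown(0x%04x)" % group_id)


def _handshake_body(buf):
    """Split a Handshake message into (msg_type, body), refusing truncated input."""
    if len(buf) < 4:
        raise ValueError("short handshake header")
    length = int.from_bytes(buf[1:4], "big")
    if len(buf) < 4 + length:
        raise ValueError("truncated handshake message")
    return buf[0], buf[4:4 + length]


def curve_from_server_key_exchange(buf):
    """TLS 1.2 ECDHE: ServerKeyExchange starts with ECParameters (RFC 8422).
    Returns the named_curve ID, or None if the server sent explicit parameters."""
    msg_type, body = _handshake_body(buf)
    if msg_type != HS_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange")
    if len(body) < 3:
        raise ValueError("short ECParameters")
    if body[0] != CURVE_TYPE_NAMED_CURVE:
        return None
    return int.from_bytes(body[1:3], "big")


def group_from_server_hello(buf):
    """TLS 1.3: the ServerHello key_share holds one KeyShareEntry whose group
    is the server's selection (RFC 8446 4.2.8). Returns None without key_share."""
    msg_type, body = _handshake_body(buf)
    if msg_type != HS_SERVER_HELLO:
        raise ValueError("not a ServerHello")
    off = 2 + 32                          # legacy_version + random
    if len(body) < off + 1:
        raise ValueError("short ServerHello")
    off += 1 + body[off]                  # legacy_session_id_echo
    off += 2 + 1                          # cipher_suite + legacy_compression_method
    if len(body) < off + 2:
        return None                       # no extensions block at all
    ext_len = int.from_bytes(body[off:off + 2], "big")
    exts = body[off + 2:off + 2 + ext_len]
    if len(exts) < ext_len:
        raise ValueError("truncated extensions")
    pos = 0
    while pos + 4 <= len(exts):
        ext_type = int.from_bytes(exts[pos:pos + 2], "big")
        data_len = int.from_bytes(exts[pos + 2:pos + 4], "big")
        data = exts[pos + 4:pos + 4 + data_len]
        if len(data) < data_len:
            raise ValueError("truncated extension")
        if ext_type == EXT_KEY_SHARE:
            if data_len < 2:
                raise ValueError("short key_share")
            return int.from_bytes(data[:2], "big")
        pos += 4 + data_len
    return None


def tls_log_fields(handshake):
    """Hypothetical log fields for the negotiated group (names are not Suricata's)."""
    msg_type = handshake[0] if handshake else None
    if msg_type == HS_SERVER_KEY_EXCHANGE:
        group_id = curve_from_server_key_exchange(handshake)
    elif msg_type == HS_SERVER_HELLO:
        group_id = group_from_server_hello(handshake)
    else:
        return {}
    if group_id is None:
        return {"kex_group": None}
    return {"kex_group_id": group_id, "kex_group": group_name(group_id)}


# --- constructed sample messages (not captured traffic) ---

def build_server_key_exchange(curve_id, point=b"\x04" + b"\x11" * 64):
    body = bytes([CURVE_TYPE_NAMED_CURVE]) + curve_id.to_bytes(2, "big")
    body += bytes([len(point)]) + point
    body += b"\x04\x03" + b"\x00\x02" + b"\x00\x00"   # placeholder signature
    return bytes([HS_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def build_server_hello(group_id, key_exchange=b"\x22" * 32):
    entry = group_id.to_bytes(2, "big") + len(key_exchange).to_bytes(2, "big") + key_exchange
    exts = b"\x00\x2b\x00\x02\x03\x04"                # supported_versions: TLS 1.3
    exts += EXT_KEY_SHARE.to_bytes(2, "big") + len(entry).to_bytes(2, "big") + entry
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
    body += len(exts).to_bytes(2, "big") + exts
    return bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    print(tls_log_fields(build_server_key_exchange(0x0017)))
    print(tls_log_fields(build_server_hello(0x001D)))
    print(tls_log_fields(build_server_hello(0x11EC)))
```

Every length field is checked before it is used, because a logger parsing attacker-controlled handshake bytes must treat a short or oversized length as a malformed message rather than reading past the buffer; an unknown group ID is still logged numerically so that newly registered (for example post-quantum) code points show up in the log before the name table is updated.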