-
Sub-task
-
Resolution: Delivered
-
P3
-
25
This enhancement adds support for TLS (Transport Layer Security) Keying Material Exporters, which allow applications to generate additional application-level keying material from a connection's negotiated TLS keys.
This change enables support for several additional protocols, including those labels registered in the [IANA TLS Parameters-Exporter Label](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels) document.
This functionality is described in [RFC 5705](https://www.rfc-editor.org/rfc/rfc5705.html) for TLSv1-TLSv1.2, and [RFC 8446](https://www.rfc-editor.org/rfc/rfc8446.html) for TLSv1.3. The feature can be accessed via two new APIs in the `javax.net.ssl.ExtendedSSLSession` class:
public SecretKey exportKeyingMaterialKey(String keyAlg,
String label, byte[] context, int length) throws SSLKeyException
public byte[] exportKeyingMaterialData(
String label, byte[] context, int length) throws SSLKeyException
This change enables support for several additional protocols, including those labels registered in the [IANA TLS Parameters-Exporter Label](https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels) document.
This functionality is described in [RFC 5705](https://www.rfc-editor.org/rfc/rfc5705.html) for TLSv1-TLSv1.2, and [RFC 8446](https://www.rfc-editor.org/rfc/rfc8446.html) for TLSv1.3. The feature can be accessed via two new APIs in the `javax.net.ssl.ExtendedSSLSession` class:
public SecretKey exportKeyingMaterialKey(String keyAlg,
String label, byte[] context, int length) throws SSLKeyException
public byte[] exportKeyingMaterialData(
String label, byte[] context, int length) throws SSLKeyException