TLS Keying Material Exporters

TLS keying material exporters (RFC 5705) allow an application to get additional application-specific keying material derived from the TLS master secret.

I have helped contribute source code for implementations for TLS keying material exporters to the following projects:

  • OpenSSL: patch updated and incorporated by Eric Rescorla; shipping in OpenSSL v1.0.1
  • Network Security Services (NSS): shipping in NSS 3.14; see Bugzilla bug #507359

The command-line test client and test server programs in OpenSSL and NSS have been modified to expose the keying material extractor function on the command line. For example, use openssl s_client -keymatexport “label” -keymatexportlen 20.

I have additionally developed patches for higher level applications to allow access to the keying material exporter. These patches are outdated, and possibly insecure, and should only be used for prototyping purposes.

The modifications to Apache/mod_ssl, PHP, and Mozilla Firefox are so that higher level applications (written in PHP or Javascript, for example) can access the TLS keying material extractor from the underlying SSL implementation. In Firefox, the exported keying material is available in Javascript via the function window.crypto.tlsExportKeyingMaterial(label, numBytes, contextValue) where contextValue can be null. See also the documentation regarding the new Javascript API.

There are no build or installation instructions; you need to find those from the correspond projects’ websites.

I have successfully tested interoperability of all client-server combinations for clients = { openssl s_client, NSS tstclnt }, servers = { openssl s_server, NSS selfserv }. You can access sample code for various scenarios in