On 2021/06/24 11:12, Theo Buehler wrote:
> On Thu, Jun 24, 2021 at 10:29:23AM +0200, Theo Buehler wrote:
> > On Thu, Jun 24, 2021 at 07:36:24AM +0000, Klemens Nanni wrote:
> > > s_client(1) and s_server(1) have this very useful option:
> > >
> > > Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
> > > ...
> > > *) SSL/TLS tracing code. This parses out SSL/TLS records using the
> > > message callback and prints the results. Needs compile time option
> > > "enable-ssl-trace". New options to s_client and s_server to enable
> > > tracing.
> > > [Steve Henson]
> >
> > I think the reason this is disabled by default is that it involves a
> > quite a lot of scary byte bashing inside libssl (all messages will be
> > parsed a second time). The result is that this will be available in all
> > consumers of the library.
> >
> > So I'm not sure enabling this is a good idea.
>
> FWIW: It looks like upstream have enabled this by default.
>
> https://github.com/openssl/openssl/pull/15665
>
Would you prefer it as a FLAVOR? That would be straightforward to do
if wanted.
No comments:
Post a Comment