Cisco Bug: CSCun31404 - ACWS to allow viewing of pre-master SSL/TLS keys
Jun 08, 2016
- Cisco AnyConnect Secure Mobility Client
Known Affected Releases
Symptom: Client request: "This feature would be useful to us for the ability to measure the performance of, optimize, and troubleshoot web applications which are tunneled over the ACWS encrypted tunnel. We similarly apply this technique to perform the same for applications which are transported on HTTPS, as shown in the document I provided earlier. Specifically, we would like to be able to decrypt the ACWS traffic to observe its contents for troubleshooting and analysis purposes. Performance analysis, defect debugging, and security response would all be reasons we might need this capability. We hope to be able to decrypt the traffic based on client-side keys without the need to obtain or disclose any server-side certificates or keys, which certainly would not be a possibility for us being that the traffic is protected by Cisco's ACWS certificates." Conditions: Feature request, currently not possible to obtain the TLS session pre-master/master encryption keys on the client side. Many other HTTPS/SSL apps allow this, such as browsers.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases