Comment by treesknees
15 days ago
Aren’t most TLS implementations still using things like OpenSSL in userspace? How would the kernel get access to the request?
15 days ago
Aren’t most TLS implementations still using things like OpenSSL in userspace? How would the kernel get access to the request?
A process with kernel level permissions can patch into userspace process an intercept calls. For example https://github.com/SebastienWae/sslsnoop
You’ve still gotta do that for every TLS library used then. There’s a finite list of them of course, but it’s more than just a few.