Comment by treesknees
2 months ago
Aren’t most TLS implementations still using things like OpenSSL in userspace? How would the kernel get access to the request?
2 months ago
Aren’t most TLS implementations still using things like OpenSSL in userspace? How would the kernel get access to the request?
A process with kernel level permissions can patch into userspace process an intercept calls. For example https://github.com/SebastienWae/sslsnoop
You’ve still gotta do that for every TLS library used then. There’s a finite list of them of course, but it’s more than just a few.