Today, most of the traffic that traverses the Internet is encrypted. Users (e.g., clients) and servers are able to exchange data securely using the Transport Layer Security (TLS) protocol. However, there will likely be one or more proxies in the path between a client and a server and those proxies are able to change some of the security parameters based on, for example, a network security policy. As a result, a client may not know exactly what is happening in the middle. To address these types of challenges, techniques are presented herein that support an extension to the handshake protocol that can request a ‘trace’ feature along a network path. All of the different TLS entities in the network can recognize the extension and add any changes that they are making to the upstream proposal. Advantages of the techniques presented herein include, among other things, helping to troubleshoot the TLS policy end-to-end.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.