Dear developers,
I'm looking for a way to establish a TLS 1.3 connection between a server and a client using WolfSSL, and extract the symmetric session key that the two parties have agreed upon. For example, assuming I use the cipher suite TLS13-AES128-GCM-SHA256, I expect that both parties agreed on a shared symmetric key of 128 bits for AES-GCM.
What API do you recommend using for exporting this secret? After some investigation, I could see we may register a callback with wolfSSL_set_tls13_secret_cb for secret exportation, but it is unclear if this function really exposes the symmetric key.
I will then later use this ephemeral symmetric key with WolfCrypt for encrypting/decrypting secrets.
Many thanks!
Cheers
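For reference on the question above, an added example (not part of the original post, and not wolfSSL code): in TLS 1.3 the AES-128-GCM record key and IV are not negotiated directly but derived per direction from a 32-byte traffic secret with HKDF-Expand-Label (RFC 8446, sections 7.1 and 7.3). The sketch assumes the secret handed to a secret callback is such a traffic secret; the function names and sample secrets are constructed for illustration.

```python
import hashlib
import hmac


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869) using HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length):
    """HKDF-Expand-Label (RFC 8446, section 7.1)."""
    full_label = b"tls13 " + label.encode("ascii")
    # HkdfLabel: uint16 length, length-prefixed label, length-prefixed context
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def traffic_keys(traffic_secret):
    """Derive (key, iv) for TLS13-AES128-GCM-SHA256 from one traffic secret."""
    if len(traffic_secret) != hashlib.sha256().digest_size:
        raise ValueError("SHA-256 suites use 32-byte traffic secrets")
    key = hkdf_expand_label(traffic_secret, "key", b"", 16)  # AES-128 key
    iv = hkdf_expand_label(traffic_secret, "iv", b"", 12)    # GCM static IV
    return key, iv


# Constructed sample secrets (hypothetical values, one per direction).
CLIENT_TRAFFIC_SECRET_SAMPLE = bytes(range(32))
SERVER_TRAFFIC_SECRET_SAMPLE = bytes(range(32, 64))

if __name__ == "__main__":
    for name, secret in (("client", CLIENT_TRAFFIC_SECRET_SAMPLE),
                         ("server", SERVER_TRAFFIC_SECRET_SAMPLE)):
        key, iv = traffic_keys(secret)
        print(name, "write key:", key.hex(), "iv:", iv.hex())
```

Each direction has its own key and IV, so there is no single 128-bit key shared by both parties for record protection.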