RFC 9266: Channel Bindings for TLS 1.3 support
Can you add support for RFC 9266: Channel Bindings for TLS 1.3?
- https://datatracker.ietf.org/doc/html/rfc9266
A few details, for easy reference:
- tls-unique for TLS <= 1.2
- tls-server-end-point
- tls-exporter for TLS = 1.3
Thanks in advance.
Linked to:
- https://github.com/esl/MongooseIM/issues/3721
- https://github.com/scram-sasl/info/issues/1
Dear @esl team, have you progressed on it?
It is important for security, you can see here:
- https://notes.valdikss.org.ru/jabber.ru-mitm
- https://snikket.org/blog/on-the-jabber-ru-mitm
- https://www.devever.net/~hl/xmpp-incident
Thanks in advance.
Hi @Neustradamus, thanks a lot for this news, it is very important. The difficulty is that to build channel binding, we need support from the underlying TLS libraries to expose the right keys, so it'll take a while; I need to verify such TLS libraries. Nevertheless, I'm raising the priority of this issue in our internal backlog.
Closing as it doesn't necessarily affect this library. Here we are transparent to the CB type and payload provided, and it is up to the library user to provide whatever is desired.
Note that when it comes to MIM and escalus it was already implemented in their respective repositories.
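
An added illustration, not part of the thread and not code from the library under discussion: how a library user might build the channel-binding payload and the SCRAM `c=` attribute that the closing comment says the caller supplies, and how a server-side comparison fails when the two TLS legs differ. All function names are hypothetical, the exporter values are constructed stand-ins, and extracting the real values from the TLS stack is assumed to happen elsewhere.

```python
import base64
import hashlib
import hmac

def pick_cb_type(tls_version: str) -> str:
    """Type per TLS version, following the list in the issue above."""
    return "tls-exporter" if tls_version == "TLSv1.3" else "tls-unique"

def tls_server_end_point(cert_der: bytes, sig_hash: str) -> bytes:
    """RFC 5929: hash the server certificate (DER) with the hash used by
    its signature algorithm; MD5 and SHA-1 are replaced by SHA-256."""
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    return hashlib.new(name, cert_der).digest()

def scram_c_attribute(cb_type: str, cb_data: bytes) -> str:
    """RFC 5802: c= base64(gs2-header || cbind-data), no authzid."""
    gs2_header = f"p={cb_type},,".encode()
    return "c=" + base64.b64encode(gs2_header + cb_data).decode()

def server_accepts(client_c: str, cb_type: str, server_cb_data: bytes) -> bool:
    """The server rebuilds c= from its own side of the TLS connection."""
    expected = scram_c_attribute(cb_type, server_cb_data)
    return hmac.compare_digest(client_c.encode(), expected.encode())

def demo() -> dict:
    # Constructed stand-ins for the 32-byte RFC 9266 exporter value
    # (label "EXPORTER-Channel-Binding", empty context). A real value
    # comes from the TLS library's keying-material exporter.
    direct = hashlib.sha256(b"constructed: one end-to-end TLS session").digest()
    relayed = hashlib.sha256(b"constructed: client-side leg of a relay").digest()
    cb_type = pick_cb_type("TLSv1.3")
    return {
        # Client and server share one TLS session: the values match.
        "direct": server_accepts(scram_c_attribute(cb_type, direct), cb_type, direct),
        # Client's session terminates elsewhere: the values differ.
        "relayed": server_accepts(scram_c_attribute(cb_type, relayed), cb_type, direct),
    }

if __name__ == "__main__":
    print(demo())
```
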