RFC 9266: Channel Bindings for TLS 1.3 support
What is the problem this feature will solve?
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
- https://datatracker.ietf.org/doc/html/rfc9266
A few details, for quick reference:
- tls-unique for TLS <= 1.2
- tls-exporter for TLS = 1.3
Thanks in advance.
Linked to:
- https://github.com/nodejs/node/blob/main/doc/api/tls.md
What is the feature you are proposing to solve the problem?
What alternatives have you considered?
No response
More details please? If you want to see your feature request accepted, outline when and where you would use the new functionality and what you think the API should look like. Either that or open a pull request.
@bnoordhuis: thanks for your answer!
Here: https://github.com/nodejs/node/blob/main/doc/api/tls.md
It is specified for tls-unique:
tlsSocket.getFinished()
Returns: {Buffer|undefined} The latest Finished message that has been sent to the socket as part of a SSL/TLS handshake, or undefined if no Finished message has been sent yet.
As the Finished messages are message digests of the complete handshake (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can be used for external authentication procedures when the authentication provided by SSL/TLS is not desired or is not enough.
Corresponds to the SSL_get_finished routine in OpenSSL and may be used to implement the tls-unique channel binding from RFC 5929.
tlsSocket.getPeerFinished()
Returns: {Buffer|undefined} The latest Finished message that is expected or has actually been received from the socket as part of a SSL/TLS handshake, or undefined if there is no Finished message so far.
As the Finished messages are message digests of the complete handshake (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can be used for external authentication procedures when the authentication provided by SSL/TLS is not desired or is not enough.
Corresponds to the SSL_get_peer_finished routine in OpenSSL and may be used to implement the tls-unique channel binding from RFC 5929.
Can you look into tls-exporter from RFC 9266?
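An added example, not part of the thread and not Node.js project code: one way to pick the channel binding with methods `tls.TLSSocket` already documents, using `exportKeyingMaterial()` with the RFC 9266 label, a zero-length context and 32 bytes for TLS 1.3, and the first Finished message of the handshake (RFC 5929) for TLS 1.2 and earlier. The `isServer` parameter and the `fakeSocket` stand-in are hypothetical names introduced here so the selection logic runs offline.

```javascript
// Added example. getChannelBinding() expects a connected tls.TLSSocket;
// isServer is supplied by the caller (assumption, not a TLSSocket property).
const EXPORTER_LABEL = 'EXPORTER-Channel-Binding'; // label registered by RFC 9266
const EXPORTER_LENGTH = 32;                        // bytes, per RFC 9266

function getChannelBinding(socket, isServer) {
  const protocol = socket.getProtocol();
  if (!protocol || protocol === 'unknown') {
    throw new Error('TLS handshake has not completed');
  }
  if (protocol === 'TLSv1.3') {
    // tls-exporter: both peers compute the same value from the exporter
    // secret, so there is no client/server distinction here.
    const data = socket.exportKeyingMaterial(
      EXPORTER_LENGTH, EXPORTER_LABEL, Buffer.alloc(0));
    return { type: 'tls-exporter', data };
  }
  // tls-unique: the first Finished message of the most recent handshake.
  // Full handshake: the client's Finished goes first.
  // Resumed session: the server's Finished goes first.
  const clientSentFirst = !socket.isSessionReused();
  const weSentFirst = clientSentFirst !== isServer;
  const data = weSentFirst ? socket.getFinished() : socket.getPeerFinished();
  if (!data) throw new Error('Finished message not available yet');
  return { type: 'tls-unique', data };
}

// Constructed stand-in for a TLSSocket; the returned buffers are labels,
// not real handshake data.
function fakeSocket(protocol, reused) {
  return {
    getProtocol: () => protocol,
    isSessionReused: () => reused,
    getFinished: () => Buffer.from('local-finished'),
    getPeerFinished: () => Buffer.from('peer-finished'),
    exportKeyingMaterial: (len, label, ctx) =>
      Buffer.from(`${label}/${len}/${ctx.length}`),
  };
}

// Client side of a resumed TLS 1.2 session: the server's Finished came first.
console.log(getChannelBinding(fakeSocket('TLSv1.2', true), false).data.toString());
```

With a real socket, call `getChannelBinding()` only after the `secureConnect` (client) or `secureConnection` (server) event has fired.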
There has been no activity on this feature request for 5 months and it is unlikely to be implemented. It will be closed 6 months after the last non-automated comment.
For more information on how the project manages feature requests, please consult the feature request management document.
Any news on it?
I asked you to sketch out the API but you didn't really do that. No one else chimed in either and that suggests it's a feature for which there isn't much demand. Best way forward is to either open a pull request if you want to see this happen, or close the issue.
@bnoordhuis: tls-unique is specified in https://github.com/nodejs/node/blob/main/doc/api/tls.md but not tls-exporter...
tls-exporter is missing :/
Forgive me for missing that https://github.com/nodejs/node/issues/44118#issuecomment-1207307161 was your (somewhat oblique) attempt at an API outline. Do you plan to open a pull request?
@bnoordhuis: My ticket is a request to add this feature, not to create a PR myself :/
Okay, I'll go ahead and close this then. You're the first and so far only one to have requested this; no one else has expressed interest. Pull request still welcome, of course, but at this point I don't see reason to add this.