-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC 9266: Channel Bindings for TLS 1.3 support #49581
Comments
//cc @brianquinlan |
@Neustradamus It wasn't clear from the BoringSSL bug (openssl/openssl#18893) that you filed whether the necessary BoringSSL features are in place - are they? |
@brianquinlan: About BoringSSL, it is not complete, you can compare:
2/ tls-exporter:
From @agl, @davidben: tls-unique: I have commented here: I have requested more details:
|
@Neustradamus, as I explained in the other places you've been CCing us, no new APIs are needed to implement RFC 9266, in any of OpenSSL or its derivatives. Or, indeed, in most TLS libraries I expect. You simply call the existing APIs for TLS's "export keying material" mechanism. Any API specific to RFC 9266 would just be convenience wrappers over that underlying primitive. I don't see a particular need to add a convenience wrapper to BoringSSL right now. |
@PapaTutuWawa: I have done ticket here, do not hesitated to explain your problem. Linked to: |
The issue comes from the fact that I would like to use TLS Channel Binding in my application using Dart to implement SCRAM-*-PLUS. For that, however, I would need access to the TLS connection's state (if that is the correct name) to get the neccessary data. Taking this Go SCRAM implementation as inspiration, something like Go's ExportKeyingMaterial would be required. As far as I know, Dart does not expose this kind of access in the |
Happy New Year 2023 to all! Have you looked for this ticket and the @PapaTutuWawa comment? |
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
Little details, to know easily:
Thanks in advance.
The text was updated successfully, but these errors were encountered: