RFC 9266: Channel Bindings for TLS 1.3 support #49581
Comments
mit-mit
added
the
area-core-library
lrhn
added
area-vm
|
//cc @brianquinlan |
|
@Neustradamus It wasn't clear from the BoringSSL bug (openssl/openssl#18893) that you filed whether the necessary BoringSSL features are in place - are they? |
|
@brianquinlan: About BoringSSL, it is not complete, you can compare:
2/ tls-exporter:
From @agl, @davidben: tls-unique: I have commented here: I have requested more details: |
|
@Neustradamus, as I explained in the other places you've been CCing us, no new APIs are needed to implement RFC 9266, in any of OpenSSL or its derivatives. Or, indeed, in most TLS libraries I expect. You simply call the existing APIs for TLS's "export keying material" mechanism. Any API specific to RFC 9266 would just be convenience wrappers over that underlying primitive. I don't see a particular need to add a convenience wrapper to BoringSSL right now. |
|
@PapaTutuWawa: I have done ticket here, do not hesitated to explain your problem. Linked to: |
|
The issue comes from the fact that I would like to use TLS Channel Binding in my application using Dart to implement SCRAM-*-PLUS. For that, however, I would need access to the TLS connection's state (if that is the correct name) to get the neccessary data. Taking this Go SCRAM implementation as inspiration, something like Go's ExportKeyingMaterial would be required. As far as I know, Dart does not expose this kind of access in the |
a-siva
added
type-enhancement
|
Happy New Year 2023 to all! Have you looked for this ticket and the @PapaTutuWawa comment? |
lrhn
added
area-vm
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
Little details, to know easily:
Thanks in advance.
The text was updated successfully, but these errors were encountered: