Get channel binding information for TLS connection #44
Channel Bindings for TLS (RFC 5929, RFC 5056). Channel Bindings for TLS is very useful because it can be used to detect MiTM attacks when the attacker is using valid certificates (certificates signed by Certification Authority).
For example: if an XMPP client is connecting to an XMPP server and the SCRAM-SHA-1-PLUS authentication mechanism is used during login (RFC 5802), the login will fail in the presence of a MiTM attacker, because the TLS channel binding data is used in calculation of password hashes.
The method get_channel_binding supports only "tls-unique" channel binding. It can be used the same way as get_channel_binding() in the Python 3 ssl module.
http://docs.python.org/3/library/ssl.html
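
The following is an added example, not code from this pull request: it works through the RFC 5802 proof computation to show why a SCRAM-SHA-1-PLUS login fails when the client and server see different "tls-unique" values. The user name, password, salt, nonces and tls-unique byte strings are constructed; on a live connection the binding data would come from `get_channel_binding("tls-unique")`, and the server-side check is simplified to rebuilding AuthMessage from its own binding value.

```python
import base64, hashlib, hmac

GS2_HEADER = b"p=tls-unique,,"  # RFC 5802 gs2-header when channel binding is in use

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha1).digest()

def auth_message(first_bare, server_first, nonce, tls_unique):
    # "c=" carries base64(gs2-header || tls-unique); it is signed via AuthMessage.
    cbind = b"c=" + base64.b64encode(GS2_HEADER + tls_unique)
    return first_bare + b"," + server_first + b"," + cbind + b",r=" + nonce

def client_proof(salted_password, auth_msg):
    client_key = _hmac(salted_password, b"Client Key")
    signature = _hmac(hashlib.sha1(client_key).digest(), auth_msg)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def server_accepts(stored_key, proof, auth_msg):
    # Recover ClientKey from the proof, then check H(ClientKey) == StoredKey.
    signature = _hmac(stored_key, auth_msg)
    client_key = bytes(a ^ b for a, b in zip(proof, signature))
    return hmac.compare_digest(hashlib.sha1(client_key).digest(), stored_key)

def login(client_tls_unique, server_tls_unique):
    # All credentials and nonces below are constructed sample values.
    password, salt, iterations = b"constructed-password", b"constructed-salt", 4096
    nonce = b"clientnonce" + b"servernonce"
    first_bare = b"n=user,r=clientnonce"
    server_first = (b"r=" + nonce + b",s=" + base64.b64encode(salt)
                    + b",i=" + str(iterations).encode())
    salted = hashlib.pbkdf2_hmac("sha1", password, salt, iterations)
    stored_key = hashlib.sha1(_hmac(salted, b"Client Key")).digest()
    # The client signs with the tls-unique of its own TLS session ...
    proof = client_proof(salted, auth_message(first_bare, server_first, nonce, client_tls_unique))
    # ... and the server verifies against the tls-unique of the session it terminated.
    return server_accepts(stored_key, proof,
                          auth_message(first_bare, server_first, nonce, server_tls_unique))

if __name__ == "__main__":
    direct = b"\x11" * 12  # constructed tls-unique shared by both ends of one session
    print("direct connection:", login(direct, direct))
    # With an interceptor there are two TLS sessions, hence two tls-unique values.
    print("intercepted:", login(b"\x22" * 12, b"\x33" * 12))
```
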