RFC 9266: Channel Bindings for TLS 1.3 support

[Neustradamus]

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

• https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:

• tls-unique for TLS =< 1.2
• tls-exporter for TLS = 1.3

Thanks in advance.

[agronholm]

Seems easy enough – a few extra lines maybe, plus an added test.

[agronholm]

Hit a problem while testing: ValueError: 'tls-exporter' channel binding type not implemented. Are you sure Python can support this?

[Neustradamus]

I think that there is only the support of "tls-unique":

• https://github.com/search?q=org%3Apython+tls-unique&type=code

[agronholm]

That was my conclusion as well. So this can only be implemented when Python itself supports tls-exporter.

[Neustradamus]

@agronholm: I have done a ticket and @davidben too:

• https://github.com/search?q=org%3Apython+tls-unique&type=issues

I have previously contacted @davidben about boringssl ^^

[Neustradamus]

@agronholm: @tiran has done it:

• https://github.com/python/cpython/pull/95366