Closed Neustradamus closed 2 years ago
Could you share a bit about the use case you have for this?
It is used for SCRAM-SHA-1-PLUS / SCRAM-SHA-256-PLUS / SCRAM-SHA-512-PLUS / SCRAM-SHA3-512-PLUS.
Some RFCs:
Products which use TLS Binding, some have already added tls-exporter in more tls-unique.
SCRAM-SHA-1(-PLUS) and SCRAM-SHA-256(-PLUS):
SCRAM-SHA-256(-PLUS):
SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS), SCRAM-SHA3-512(-PLUS):
SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1(-PLUS), SCRAM-SHA-224(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1(-PLUS), SCRAM-SHA-256(-PLUS), SCRAM-SHA-384(-PLUS), SCRAM-SHA-512(-PLUS):
SCRAM-SHA-1(-PLUS):
Linked to:
Do you know if OpenSSL supports this?
@alex: I have done a ticket here:
The channel binding can be implemented with SSL_export_keying_material. It is mostly trivial except for two facts:
SSL_ctrl
with SSL_CTRL_GET_EXTMS_SUPPORT
seems to work.SSL_export_keying_material
is available in pyca/cryptography, which to me indicates that this is a pyOpenSSL bug, not a pyca/cryptography one.
You still need SSL_CTRL_GET_EXTMS_SUPPORT
in order to check for EMS when the connection uses TLS 1.2.
This channel binding mechanism is defined only when the TLS handshake results in unique master secrets. This is true of TLS versions prior to 1.3 when the extended master secret extension of [RFC7627] is in use, and it is always true for TLS 1.3 (see Appendix D of [RFC8446]).
👍, I think we'd be ok taking a patch for that.
@alex: Thanks a lot for this improvement and @reaperhulk for merging of this PR:
Merged commit:
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
Little details, to know easily:
Thanks in advance.