Closed Neustradamus closed 8 months ago
Duplicate of #95341.
This looks like a feature request, as we don't currently claim to support this RFC at all.
But again, I find this report hard to understand. Perhaps showing an example of the Python code you would like to write but currently cannot would be helpful?
(Reopening for now, because this is a different RFC from the other issue. Though they are painfully similar in text, which I hope we can get clarifications on.)
Ah nope, I see it's a duplicate of an even older issue that does cover both. Carry on!
@erlend-aasland, @zooba: Thanks for your answer.
Yes, it is a duplicate of https://github.com/python/cpython/issues/95350 because the ticket has been closed without the solution, the RFC9266 support.
This ticket is for "tls-exporter" support.
Several projects wait you, example:
The recent Slixmpp announcement about the problem in CPython is here:
Please do not mix this ticket with another, the specified ticket here speaks about the "tls-unique" problem which must not work with TLS 1.3, not directly the RFC9266 missing support:
And there is another ticket for "tls-server-end-point" missing support here:
It is possible to have a PR, a commit with the security solution for "tls-exporter", and another one for "tls-server-end-point"?
Thanks in advance.
Bug report
Bug description:
Dear @Python team,
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
Little details, to know easily:
A best SCRAM SASL and Channel Binding explanation:
An announcement has been done by Slixmpp team here about the security problem:
I think that you have seen the jabber.ru MITM:
Can you add "tls-server-end-point" from RFC5929 too?
It is needed for all SCRAM-SHA-*-PLUS (several RFCs) and specified in:
All links about it:
cc: @davidben, @wingel, @eighthave, @jchampio, @gst, @lowinger42, @ezio-melotti, @AlexWaygood, @njsmith, @zooba, @tlocke, @agronholm, @oberstet.
Thanks in advance.
Linked to:
CPython versions tested on:
CPython main branch
Operating systems tested on:
Other