#1760 Implement tls-exporter channel binding for TLS 1.3
Reporter
Sam
Owner
Zash
Created
Updated
Stars
★ (1)
Tags
Status-Started
Type-Enhancement
Priority-Medium
Sam
on
Description of feature:
Implement the TLS 1.3 channel bindings currently defined in https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13/ (in RFC publication queue, it is unlikely that any changes will be made before the final document is ready).
Motivation: (Why?)
Prosody currently implements the tls-unique channel binding for SCRAM authentication, however, it suffers from a few potential problems described in the document linked above and is not defined at all for TLS 1.3.
To perform channel binding with TLS 1.3, a new mechanism is needed.
I propose that only when TLS 1.3 is in use tls-exporter becomes the channel binding method of choice. For any prior version of TLS, tls-unique can continue to be used.
Description of feature: Implement the TLS 1.3 channel bindings currently defined in https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13/ (in RFC publication queue, it is unlikely that any changes will be made before the final document is ready). Motivation: (Why?) Prosody currently implements the tls-unique channel binding for SCRAM authentication, however, it suffers from a few potential problems described in the document linked above and is not defined at all for TLS 1.3. To perform channel binding with TLS 1.3, a new mechanism is needed. I propose that only when TLS 1.3 is in use tls-exporter becomes the channel binding method of choice. For any prior version of TLS, tls-unique can continue to be used.
Submitted https://github.com/brunoos/luasec/pull/187 binding the relevant OpenSSL method. Prosody side work-in-progress in timber.
Changes