#1760 Implement tls-exporter channel binding for TLS 1.3

Reporter Sam
Owner Zash
Created
Updated
Stars ★★ (2)
Tags
  • Status-Fixed
  • Priority-Medium
  • Milestone-0.13
  • Type-Enhancement
  1. Sam on

    Description of feature: Implement the TLS 1.3 channel bindings currently defined in https://datatracker.ietf.org/doc/draft-ietf-kitten-tls-channel-bindings-for-tls13/ (in RFC publication queue, it is unlikely that any changes will be made before the final document is ready).

    Motivation: (Why?) Prosody currently implements the tls-unique channel binding for SCRAM authentication, however, it suffers from a few potential problems described in the document linked above and is not defined at all for TLS 1.3. To perform channel binding with TLS 1.3, a new mechanism is needed. I propose that only when TLS 1.3 is in use tls-exporter becomes the channel binding method of choice. For any prior version of TLS, tls-unique can continue to be used.
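
The selection rule proposed in the description above, together with the server-side check it enables, as an added example that is not part of the issue thread or of Prosody's code. It assumes the SCRAM `c=` attribute of RFC 5802 without an authzid and the 32-byte exporter output of RFC 9266; the function names and sample byte strings are constructed for illustration.

```python
import base64
import hmac

# RFC 9266 exporter parameters for the "tls-exporter" binding type.
EXPORTER_LABEL = b"EXPORTER-Channel-Binding"  # the exporter context value is empty
EXPORTER_LENGTH = 32                          # bytes of exporter output


def select_binding(tls_version):
    """Rule proposed in the issue: tls-exporter on TLS 1.3, tls-unique below."""
    return "tls-exporter" if tls_version == "TLSv1.3" else "tls-unique"


def cbind_attribute(cb_type, cb_data):
    """SCRAM client-final 'c=' value: base64(gs2-header || cb-data), no authzid."""
    gs2_header = f"p={cb_type},,".encode()
    return base64.b64encode(gs2_header + cb_data).decode()


def server_verify(tls_version, own_cb_data, client_c):
    """Recompute 'c=' from the server's own view of the TLS channel and compare.

    A mismatch means the client is bound to a different TLS session (for
    example one terminated by a relay) or used a different binding type.
    """
    cb_type = select_binding(tls_version)
    if cb_type == "tls-exporter" and len(own_cb_data) != EXPORTER_LENGTH:
        raise ValueError("tls-exporter data must be 32 bytes")
    expected = cbind_attribute(cb_type, own_cb_data)
    return hmac.compare_digest(expected.encode(), client_c.encode())


def demo():
    # Constructed values standing in for the exporter output of two TLS sessions.
    direct = bytes(range(32))        # client and server share one session
    relayed = bytes(range(32, 64))   # server's session differs from the client's
    c = cbind_attribute(select_binding("TLSv1.3"), direct)
    return server_verify("TLSv1.3", direct, c), server_verify("TLSv1.3", relayed, c)


if __name__ == "__main__":
    print(demo())
```
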

  2. Zash on

    Submitted https://github.com/brunoos/luasec/pull/187 binding the relevant OpenSSL method. Prosody side work-in-progress in timber.

    Changes
    • tags Status-Started
    • owner Zash
  3. Zash on

    The LuaSec PR has been merged, so I just pushed https://hg.prosody.im/trunk/rev/29685403be32

    Changes
    • tags Milestone-0.13 Status-Fixed
  4. Zash on

    Apparently I missed a spot to actually make it advertise SCRAM-SHA-*-PLUS when tls-exporter is available: https://hg.prosody.im/trunk/rev/78f874441e21

  5. Neustradamus on

    Thanks Sam for the RFC 9266: Channel Bindings for TLS 1.3:
    - https://tools.ietf.org/html/rfc9266

    Thanks Zash for your work!
    - https://github.com/brunoos/luasec/pull/187
    - https://hg.prosody.im/trunk/rev/29685403be32
    - https://hg.prosody.im/trunk/rev/78f874441e21

    Linked to:
    - https://issues.prosody.im/1542

  6. Neustradamus on

    Good news LuaSec 1.2.0 is out with your merged PR :)
    - https://github.com/brunoos/luasec/blob/master/CHANGELOG

    Thanks Zash!
