[Standards] Channel Binding with TLS 1.3

Sam Whited sam at samwhited.com
Wed May 6 16:35:33 UTC 2020


Here are a handful I found while digging around online. I don't know how
much ground this covers in terms of XMPP clients and servers, but since
tls-unique isn't supported everywhere and this is a specific mechanism
built into TLS for channel binding it seems like it's a better fit
either way:

- Go crypto/tls:
  https://golang.org/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial
- Java BouncyCastle:
  https://www.bouncycastle.org/docs/tlsdocs1.5on/org/bouncycastle/tls/TlsContext.html#exportKeyingMaterial-java.lang.String-byte:A-int-
- OpenSSL:
  https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html
- Rust's rusttls: https://docs.rs/rustls/0.17.0/rustls/trait.Session.html#tymethod.export_keying_material

This page also shows a handful: https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Extensions

For Java's built in TLS stuff (and the similar APIs on Android) I had
trouble finding information (I find the Java ecosystems docs incredibly
hard to navigate, and they don't appear to do SEO very well either). I
found a project (using Java 8, so maybe outdated?) that seemed to be
implementing it themselves (I guess Java's APIs let you get at the
master secret, so with that you can do all the hashing yourself). So it
is possible, but maybe not built in.

On Wed, May 6, 2020, at 11:32, Daniel Gultsch wrote:
> As I understand it the TLS implementation needs to support rfc5705 for
> this to work. Do you happen to know if this is the case for some of
> the more popular libraries?

-- 
Sam Whited


More information about the Standards mailing list