Fwd: channel binding
Benjamin Kaduk
bkaduk at akamai.com
Mon Jan 11 08:20:38 UTC 2021
On Sun, Jan 10, 2021 at 02:44:38PM +0000, Jeremy Harris wrote:
> Hi,
>
> What is the status of SSL_get_finidhed() / SSL_get_peer_finished() ?
>
> I do not find them documented at
> https://urldefense.com/v3/__https://www.openssl.org/docs/manmaster/man3/__;!!GjvTz_vk!FUYwEktTkE4ZmFeJKSFeBQe32kr0I0dcFxh_MkPMjns_JZ71rpQTYGbTm08g6w$
>
> but they are exported by the library and seem to be required, for
> application channel-binding.
Current recommendations are not to use the finished message as the channel
binding but instead to define key exporter label for the given usage
(see https://tools.ietf.org/html/rfc8446#section-7.5), using SSL_export_keying_material().
-Ben
More information about the openssl-users
mailing list