Fwd: channel binding

Jeremy Harris jgh at wizmail.org
Mon Jan 11 21:05:36 UTC 2021


On 11/01/2021 08:20, Benjamin Kaduk wrote:
>> What is the status of SSL_get_finished() / SSL_get_peer_finished() ?
>>
>> I do not find them documented at
>>    https://www.openssl.org/docs/manmaster/man3/
>>
>> but they are exported by the library and seem to be required for
>> application channel binding.
> 
> Current recommendations are not to use the finished message as the channel
> binding but instead to define key exporter label for the given usage
> (see https://tools.ietf.org/html/rfc8446#section-7.5), using SSL_export_keying_material().

Looking at the implementation, SSL_export_keying_material() only
functions for TLS 1.3.  This is not documented.  Is this a bug?

"Only defined for TLS 1.0 and above" says the docs; I can live
with that.  But if 1.2 doesn't work with it, will SSL_get_finished()
do so (I am enforcing Extended-Master-Secret or not-Resumption)?
-- 
Cheers,
   Jeremy

