Fwd: channel binding

Jeremy Harris jgh at wizmail.org
Mon Jan 11 21:26:30 UTC 2021


On 11/01/2021 08:20, Benjamin Kaduk wrote:
> Current recommendations are not to use the finished message as the channel
> binding but instead to define a key exporter label for the given usage
> (see https://tools.ietf.org/html/rfc8446#section-7.5), using SSL_export_keying_material().

Follow-on question on SSL_export_keying_material() -
what "label" should I supply?

I need to interwork with other implementations that are using
SSL_get_finished() (client side) / SSL_get_peer_finished() (server side).
Does that imply I should use "client finished" (per
https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels)
as the label? Does the label length for the SSL_export_keying_material()
call include the terminating NUL or not?
-- 
Cheers,
   Jeremy
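
Added example, not part of the original message and not OpenSSL code: a Python re-implementation of the TLS 1.2 exporter (RFC 5705 section 4) and of the client Finished verify_data (RFC 5246 section 7.4.9), showing how the label bytes enter the computation. RFC 5705 defines a label as an ASCII string with no terminating NUL. The secrets, randoms, transcript and the label EXPORTER-example-label are constructed sample values; TLS 1.3 exporters use HKDF instead (RFC 8446 section 7.5) and are not modelled here.

```python
import hashlib
import hmac

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with SHA-256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

def tls12_exporter(master_secret, label, client_random, server_random,
                   length, context=None):
    """RFC 5705 exporter: the seed is the two hello randoms plus optional context."""
    seed = client_random + server_random
    if context is not None:                    # corresponds to use_context = 1
        seed += len(context).to_bytes(2, "big") + context
    return tls12_prf(master_secret, label, seed, length)

def tls12_client_finished(master_secret, transcript):
    """Client Finished verify_data: the seed is the handshake transcript hash."""
    digest = hashlib.sha256(transcript).digest()
    return tls12_prf(master_secret, b"client finished", digest, 12)

# Constructed sample values, not taken from any real connection.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32
TRANSCRIPT = b"constructed handshake transcript"
LABEL = b"EXPORTER-example-label"              # hypothetical label

def compare():
    ms, cr, sr = MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM
    return {
        # label length counted without / with the terminating NUL
        "label_without_nul": tls12_exporter(ms, LABEL, cr, sr, 32),
        "label_with_nul": tls12_exporter(ms, LABEL + b"\x00", cr, sr, 32),
        # exporter keyed with the Finished label vs. the Finished value itself
        "exporter_client_finished": tls12_exporter(ms, b"client finished", cr, sr, 12),
        "finished_verify_data": tls12_client_finished(ms, TRANSCRIPT),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:26s} {value.hex()}")
```

Both peers must feed identical label bytes, so a label length that counts the NUL on one side only yields mismatched bindings; and the exporter output for the label "client finished" is a different value from the Finished message, because the two are computed over different seeds.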


More information about the openssl-users mailing list