Fwd: channel binding

Jeremy Harris jgh at wizmail.org
Mon Jan 11 22:31:01 UTC 2021

On 11/01/2021 22:07, Benjamin Kaduk wrote:
>> Looking at the implementation, SSL_export_keying_material() only
>> functions for TLS 1.3 .  This is not documented.  Is this a bug?
> Are you looking at SSL_export_keying_material() or SSL_export_keying_material_early()?

Doh.  I was looking at the wrong routine; thanks.
But, per below, now moot.

> If you need to interwork with other implementations/an existing protocol,
> you have to stick with the Finished-based channel bindings; the exporter
> interface is a new protocol mechanism and the whole protocol/ecosystem has
> to be expecting to use it.

Right. So we have implementations out there using it; will the OpenSSL
project consider promoting it to supported status so that it doesn't
disappear in some future release?

> With TLS 1.2 and extended master secret this is not known to be broken (and
> yes, that is a very carefully phrased statement).

Understood :)   Like all crypto...

More information about the openssl-users mailing list