Fwd: channel binding
jgh at wizmail.org
Mon Jan 11 22:31:01 UTC 2021
On 11/01/2021 22:07, Benjamin Kaduk wrote:
>> Looking at the implementation, SSL_export_keying_material() only
>> functions for TLS 1.3 . This is not documented. Is this a bug?
> Are you looking at SSL_export_keying_material() or SSL_export_keying_material_early()?
Doh. I was looking at the wrong routine; thanks.
But, per below, now moot.
> If you need to interwork with other implementations/an existing protocol,
> you have to stick with the Finished-based channel bindings; the exporter
> interface is a new protocol mechanism and the whole protocol/ecosystem has
> to be expecting to use it.
Right. So we have implementations out there using it; will the OpenSSL
project consider promoting it to supported status so that it doesn't
disappear in some future release?
> With TLS 1.2 and extended master secret this is not known to be broken (and
> yes, that is a very carefully phrased statement).
Understood :) Like all crypto...
More information about the openssl-users