RFC 9266: Channel Bindings for TLS 1.3 support

[Neustradamus]

Bug report

Bug description:

Dear @python team,

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

• https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:

• tls-unique for TLS =< 1.2
• tls-server-end-point
• tls-exporter for TLS = 1.3

A best SCRAM SASL and Channel Binding explanation:

• State of Play scram-sasl/info#1

An announcement has been done by Slixmpp team here about the security problem:

• https://blog.mathieui.net/en/slixmpp-1.8.5.html

I think that you have seen the jabber.ru MITM:

• https://notes.valdikss.org.ru/jabber.ru-mitm/
• https://snikket.org/blog/on-the-jabber-ru-mitm/
• https://www.devever.net/~hl/xmpp-incident
• https://blog.jmp.chat/b/certwatch

Can you add "tls-server-end-point" from RFC5929 too?

• https://datatracker.ietf.org/doc/html/rfc5929

It is needed for all SCRAM-SHA-*-PLUS (several RFCs) and specified in:

• XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
• XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
• XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
• XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html

All links about it:

• RFC 9266: Channel Bindings for TLS 1.3 support #95350
• Support the tls-exporter channel binding tlocke/scramp#9
• https://codeberg.org/poezio/slixmpp/issues/3498
• Add support for export_keying_material to SSL library #82133
• ssl module: add getter for SSL_CTX* and SSL* #88068
• ssl module incorrectly supports tls-unique channel binding for TLS 1.3 #95341
• bpo-37952: SSL: add support for export_keying_material #25255
• gh-95341: Implement tls-exporter channel bindings and export key materials #95366
• https://bugs.python.org/issue37952
• https://bugs.python.org/issue43902

cc: @davidben, @wingel, @eighthave, @jchampio, @gst, @lowinger42, @ezio-melotti, @AlexWaygood, @njsmith, @zooba, @tlocke, @agronholm, @oberstet.

Thanks in advance.

Linked to:

• d649480
• https://github.com/python/cpython/search?q=tls-unique
• https://github.com/python/cpython/search?q=tls-server-end-point
• https://github.com/python/cpython/search?q=5929
• https://github.com/python/cpython/search?q=tls-exporter
• https://github.com/python/cpython/search?q=9266

CPython versions tested on:

CPython main branch

Operating systems tested on:

Other

[erlend-aasland]

Duplicate of #95341.

[zooba]

This looks like a feature request, as we don't currently claim to support this RFC at all.

But again, I find this report hard to understand. Perhaps showing an example of the Python code you would like to write but currently cannot would be helpful?

(Reopening for now, because this is a different RFC from the other issue. Though they are painfully similar in text, which I hope we can get clarifications on.)

[zooba]

Ah nope, I see it's a duplicate of an even older issue that does cover both. Carry on!

[Neustradamus]

@erlend-aasland, @zooba: Thanks for your answer.

Yes, it is a duplicate of #95350 because the ticket has been closed without the solution, the RFC9266 support.

This ticket is for "tls-exporter" support.

Several projects wait you, example:

• Support the tls-exporter channel binding tlocke/scramp#9
• https://codeberg.org/poezio/slixmpp/issues/3498

The recent Slixmpp announcement about the problem in CPython is here:

• https://blog.mathieui.net/en/slixmpp-1.8.5.html
• https://codeberg.org/poezio/slixmpp/issues/3498

Please do not mix this ticket with another, the specified ticket here speaks about the "tls-unique" problem which must not work with TLS 1.3, not directly the RFC9266 missing support:

• ssl module incorrectly supports tls-unique channel binding for TLS 1.3 #95341

And there is another ticket for "tls-server-end-point" missing support here:

• tls-server-end-point RFC5929 (Channel Binding) missing support #115195

It is possible to have a PR, a commit with the security solution for "tls-exporter", and another one for "tls-server-end-point"?

Thanks in advance.

[zooba]

#95341 is still open. Please use that issue.