RFC 9266: Channel Bindings for TLS 1.3 support

[Neustradamus]

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

• https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:

• tls-unique for TLS =< 1.2
• tls-server-end-point
• tls-exporter for TLS = 1.3

I think that you have seen the jabber.ru MITM:

• https://notes.valdikss.org.ru/jabber.ru-mitm/
• https://snikket.org/blog/on-the-jabber-ru-mitm/
• https://www.devever.net/~hl/xmpp-incident
• https://blog.jmp.chat/b/certwatch

It is needed for all SCRAM-SHA-*-PLUS (several RFCs) and specified in:

• XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
• XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
• XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
• XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html

A best SCRAM SASL and Channel Binding explanation:

• State of Play scram-sasl/info#1

An announcement has been done by Slixmpp team here about the security problem:

• https://blog.mathieui.net/en/slixmpp-1.8.5.html

Thanks in advance.

Linked to:

• d649480
• ssl module incorrectly supports tls-unique channel binding for TLS 1.3 #95341
• https://github.com/python/cpython/search?q=tls-unique
• https://github.com/python/cpython/search?q=tls-server-end-point
• https://github.com/python/cpython/search?q=5929
• https://github.com/python/cpython/search?q=tls-exporter
• https://github.com/python/cpython/search?q=9266
• Support the tls-exporter channel binding tlocke/scramp#9
• • https://codeberg.org/poezio/slixmpp/issues/3498

[tiran]

Let's keep the discussion in #95341

[Neustradamus]

@tiran: Thanks!

Linked to:

• gh-95341: Implement tls-exporter channel bindings and export key materials #95366

[Neustradamus]

All links about it:

• Add support for export_keying_material to SSL library #82133
• ssl module: add getter for SSL_CTX* and SSL* #88068
• ssl module incorrectly supports tls-unique channel binding for TLS 1.3 #95341
• bpo-37952: SSL: add support for export_keying_material #25255
• gh-95341: Implement tls-exporter channel bindings and export key materials #95366
• https://bugs.python.org/issue37952
• https://bugs.python.org/issue43902

cc: @davidben, @wingel, @eighthave, @jchampio, @gst, @lowinger42, @ezio-melotti, @AlexWaygood, @njsmith, @zooba, @tlocke, @agronholm, @oberstet.

[Neustradamus]

Dear @python team,

I have done a new ticket for the "tls-exporter", because this ticket has been closed without a security solution.

• RFC 9266: Channel Bindings for TLS 1.3 support #115193

The initial ticket has been created in 2022, we are in 2024, no security changes have been done.

I have done another ticket for the missing "tls-server-end-point" part too:

• tls-server-end-point RFC5929 (Channel Binding) missing support #115195

Several projects are blocked because it is not in CPython...

It is possible to have a PR, a commit with the security solution for "tls-exporter", and another one for "tls-server-end-point"?

Thanks in advance.

[zooba]

Please use the issue you were directed to use.