[gnutls-devel] GnuTLS | doc: mention GNUTLS_CB_TLS_EXPORTER (!1636)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Aug 22 10:29:36 CEST 2022




Simon Josefsson commented:


Yes I think that would be better -- if someone really wants to compute the TLS-exporter channel binding DATA without the additional checks specified by RFC 9266 they can always call gnutls_prf_rfc5705() directly. So I think the gnutls_session_channel_binding() API should match RFC 9266 behaviour and refuse to return anything according to this part:

```
This channel binding mechanism is defined only when the TLS handshake results in unique master secrets.  This is true of TLS versions prior to 1.3 when the extended master secret extension of [RFC7627] is in use, and it is always true for TLS 1.3 (see Appendix D of [RFC8446]).
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1636#note_1072080531

