-
Sam
Now that draft-ietf-kitten-tls-channel-bindings-for-tls13-16 is in the queue for publication as an RFC, are there any server devs that are planning on implementing it? I'd like to find another implementation (done by someone else) to test against so that I can make sure everything is working before I push out my own implementation.
-
MattJ
Feel free to open a Prosody issue for it, though I can't commit to any of us working on it, it might happen
-
Sam
Done, thank you. If you do decide to implement it (in my own implementation it was a 2-line change), I would be happy to test and validate it. Prosody is currently the only server that my automated tests work well with, so that would be ideal! https://issues.prosody.im/1760
-
Sam
(but if anyone else implements it, I am also happy to manually test and help out)
-
Zash
I'm guessing it may need some change in LuaSec.
-
Zash
Time to dig up the XEP-0440 WIP
-
Sam
Ah yah, maybe it would. Just glancing at their docs it doesn't appear to give you access to keying material at all
-
Sam
Oh wait, no, I just can't Ctrl+F without making a typo. Looks like "export" may be it (naturally there is no documentation about how that works, of course): https://github.com/brunoos/luasec/wiki/LuaSec-1.1.0#conn_info
-
Sam
Oh, maybe not, in the code that looks like a bool. No idea what that is.
-
Zash
Maybe something like https://github.com/Zash/luasec/commit/541e34ee95cd59e7d1d03a49df8559b76ae0bfb9
-
Zash
Huh, is that info thing new?
-
grishka@5222.de
btw I did manage to send myself a message with nothing but my own code (https://twitter.com/grishka11/status/1531732650154770435)
-
Sam
Oh nice, anything I can do to help get that pushed upstream?
-
Zash
Ah, that export bool is probably whether the selected cipher is an EXPORT cipher, aka super weak and should never ever be used today
-
Zash
Sam, you can tell me if that's actually the relevant OpenSSL API used
-
Sam
Zash: that's the one
-
Zash
And its inputs are the things described in section 2 of the draft?
-
Sam
Context and label? Yup
-
moparisthebest
grishka@5222.de: congrats, good work
-
Zash
So, I wonder how clients will react to the return of SCRAM-SHA-1-PLUS
-
Sam
Good idea, I should test that with a few clients
-
Zash
Sam, if you're able to build luasec and prosody locally, you could try https://github.com/brunoos/luasec/pull/187 + https://hg.prosody.im/timber/rev/60074d0d201a
-
Sam
I'll give it a shot, I don't think I've ever gotten it working before, but I am probably on a different system than I normally use, so maybe it will work