jdev - 2022-06-01


  1. Sam

    Now that draft-ietf-kitten-tls-channel-bindings-for-tls13-16 is in the queue for publication as an RFC, are there any server devs that are planning on implementing it? I'd like to find another implementation (done by someone else) to test against so that I can make sure everything is working before I push out my own implementation.

  2. MattJ

    Feel free to open a Prosody issue for it, though I can't commit to any of us working on it, it might happen

  3. Sam

    Done, thank you. If you do decide to implement it (in my own implementation it was a 2 line change), I would be happy to test and validate it. Prosody is currently the only server that my automated tests work well with, so that would be ideal! https://issues.prosody.im/1760

  4. Sam

    (but if anyone else implements it, I am also happy to manually test and help out)

  5. Zash

    I'm guessing it may need some change in LuaSec.

  6. Zash

    Time to dig up the XEP-0440 WIP

  7. Sam

    Ah yah, maybe it would. Just glancing at their docs it doesn't appear to give you access to keying material at all

  8. Sam

    oh wait, no, I just can't Ctrl+F without making a typo. Looks like "export" may be it (naturally there is no documentation about how that works, of course): https://github.com/brunoos/luasec/wiki/LuaSec-1.1.0#conn_info

  9. Sam

    Oh, maybe not, in the code that looks like a bool. No idea what that is.

  10. Zash

    Maybe something like https://github.com/Zash/luasec/commit/541e34ee95cd59e7d1d03a49df8559b76ae0bfb9

  11. Zash

    Huh, is that info thing new?

  12. grishka@5222.de

    btw I did manage to send myself a message with nothing but my own code (https://twitter.com/grishka11/status/1531732650154770435)

  13. Sam

    Oh nice, anything I can do to help get that pushed upstream?

  14. Zash

    Ah, that export bool is probably whether the selected cipher is an EXPORT cipher, aka super weak and should never ever be used today

  15. Zash

    Sam, you can tell me if that's actually the relevant OpenSSL API used

  16. Sam

    Zash: that's the one

  17. Zash

    And its inputs are the things described in section 2 of the draft?

  18. Sam

    Context and label? Yup

  19. moparisthebest

    grishka@5222.de: congrats, good work

  20. Zash

    So, I wonder how clients will react to the return of SCRAM-SHA-1-PLUS

  21. Sam

    Good idea, I should test that with a few clients

  22. Zash

    Sam, if you're able to build luasec and prosody locally, you could try https://github.com/brunoos/luasec/pull/187 + https://hg.prosody.im/timber/rev/60074d0d201a

  23. Sam

    I'll give it a shot, I don't think I've ever gotten it working before, but I am probably on a different system than I normally use, so maybe it will work