New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC 9266: Channel Bindings for TLS 1.3 support #595

Open

Neustradamus opened this issue Dec 25, 2023 · 1 comment

Neustradamus commented Dec 25, 2023 •

edited

Loading

Dear @qxmpp-project team,

I add this ticket for memory and Qt security improvements.

Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?

https://datatracker.ietf.org/doc/html/rfc9266

Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929

XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html (SASL 2 #606 + Implement SASL 2 #607)
XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html

Little details, to know easily:

tls-unique for TLS =< 1.2
tls-server-end-point
tls-exporter for TLS = 1.3

I think that you have seen the jabber.ru MITM and Channel Binding is the solution:

Thanks in advance.

Linked to:

Author

Neustradamus commented May 19, 2024

@lnjX: Thanks for the adding of SASL2: XEP-0388: Extensible SASL Profile: #607 (#606)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment