RFC 9266: Channel Bindings for TLS 1.3 support
Neustradamus opened this issue · 4 comments
Neustradamus commented
Dear @UWPX team,
Can you add support for RFC 9266: Channel Bindings for TLS 1.3?
Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929
- XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html
- XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html
- XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html
- XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html
Little details, to know easily:
- tls-unique for TLS =< 1.2
- tls-server-end-point
- tls-exporter for TLS = 1.3
I think that you have seen the jabber.ru MITM and Channel Binding is the solution:
- https://notes.valdikss.org.ru/jabber.ru-mitm/
- https://snikket.org/blog/on-the-jabber-ru-mitm/
- https://www.devever.net/~hl/xmpp-incident
- https://blog.jmp.chat/b/certwatch
Thanks in advance.
Linked to:
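The binding types listed in the request above, as an added example that is not part of the thread or of the UWPX code base: it picks a type from the negotiated TLS version and the types a server advertises (as in XEP-0440), and builds the SCRAM `c=` attribute that carries the binding. The function names, the version strings (those returned by Python's `ssl.SSLSocket.version()`) and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib

# Client preference per negotiated TLS version. tls-unique is not defined
# for TLS 1.3, so it is only offered for TLS 1.2 and earlier.
PREFERENCE = {"TLSv1.3": ["tls-exporter", "tls-server-end-point"]}
for _legacy in ("TLSv1", "TLSv1.1", "TLSv1.2"):
    PREFERENCE[_legacy] = ["tls-unique", "tls-server-end-point"]

# RFC 9266 exporter parameters for tls-exporter. The TLS stack has to expose
# its keying-material exporter for the client to compute this value.
EXPORTER_LABEL = b"EXPORTER-Channel-Binding"
EXPORTER_LENGTH = 32  # bytes, exported with a zero-length context value


def pick_binding(tls_version, server_types):
    """Return the first preferred type the server also advertises, or None.

    None means there is no mutually usable type; the caller decides whether
    to refuse the login or continue without channel binding.
    """
    for cb_type in PREFERENCE.get(tls_version, []):
        if cb_type in server_types:
            return cb_type
    return None


def server_end_point(cert_der, sig_hash):
    """tls-server-end-point (RFC 5929): hash the DER-encoded server
    certificate with the hash of its signature algorithm, substituting
    SHA-256 when that hash is MD5 or SHA-1."""
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    return hashlib.new(name, cert_der).digest()


def scram_cbind_attr(cb_type, cb_data):
    """SCRAM 'c=' attribute (RFC 5802): base64(gs2-header || cbind-data)."""
    gs2_header = f"p={cb_type},,".encode()
    return "c=" + base64.b64encode(gs2_header + cb_data).decode()
```
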
COM8 commented
Yes, I would like to, but there is currently no support for TLS 1.3 built into C# (UWP). I was planning to enable TLS 1.3 a couple of months ago and there weren't any plans from MS to add support for it, since UWP is now a "deprecated" platform.
Neustradamus commented
@COM8: Where is the code exactly?
We can create a ticket to add this feature...
Neustradamus commented
@COM8: Have you progressed?
Since jabber.ru MITM, a lot of devs wake up ^^