TODO: TLS channel binding

Closes #13483
brian m. carlson 2024-06-18 10:29:43 +02:00 committed by Daniel Stenberg
parent 66bf995d1c
commit 04739054cd
GPG Key ID: 5CC908FDB71E12C2


@ -111,6 +111,7 @@
13. TLS
13.1 TLS-PSK with OpenSSL
13.2 TLS channel binding
13.3 Defeat TLS fingerprinting
13.5 Export session ids
13.6 Provide callback for cert verification
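Review bot: the table of contents in this hunk now reads 13.1, 13.2, 13.3, 13.5, 13.6 with no 13.4 entry; if that gap is a leftover from a removed item it is fine to keep, but if inserting "13.2 TLS channel binding" was meant to renumber the neighbouring entries, 13.5 and 13.6 (and any in-text references to the old numbers) need the same treatment so the TOC matches the section headings further down.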
@ -784,6 +785,23 @@
https://github.com/curl/curl/issues/5081
13.2 TLS channel binding
TLS 1.2 and 1.3 provide the ability to extract some secret data from the TLS
connection and use it in the client request (usually in some sort of
authentication) to ensure that the data sent is bound to the specific TLS
connection and cannot be successfully intercepted by a proxy. This
functionality can be used in a standard authentication mechanism such as
GSS-API or SCRAM, or in custom approaches like custom HTTP Authentication
headers.
For TLS 1.2, the binding type is usually tls-unique, and for TLS 1.3 it is
tls-exporter.
https://datatracker.ietf.org/doc/html/rfc5929
https://datatracker.ietf.org/doc/html/rfc9266
https://github.com/curl/curl/issues/9226
13.3 Defeat TLS fingerprinting
By changing the order of TLS extensions provided in the TLS handshake, it is
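Review bot: "cannot be successfully intercepted by a proxy" in the new 13.2 text overstates what channel binding gives you; a TLS-terminating intermediary can still intercept the connection, what changes is that the binding value derived on the client's leg no longer matches the one on the server's leg, so an authentication that includes it (GSS-API, SCRAM, a custom header, as the paragraph lists) fails rather than being relayed. Suggest "so that credentials relayed through a TLS-terminating proxy fail to authenticate, because the binding value differs on each leg of the connection". Since this is a TODO entry, it would also help to state what curl itself is expected to provide: at minimum a way for an application to obtain the tls-unique (RFC 5929) or tls-exporter (RFC 9266) value for the current connection, and optionally use of that value inside curl's own SCRAM/GSS-API authentication; the issue links (#9226, and #13483 from the commit message) are a good place to point readers for the interface discussion, but a one-line summary here saves them the trip.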