Hi, does the Android SDK already provide an API to access the tls-unique [1] channel-binding of a TLS session. That is the decrypted first finished message of TLS handshake of a TLS session. The general JDK doesn't seem to have such API, see [2], or at least I couldn't find it. It would be really nice if the Android SDK wouldn't fall back security wise compared to the general JDK SE, which doesn't seem to have seen that much updates in the area of TLS and/or SASL over the last couple of years.
If such API doesn't exist at the moment, what are the chances of such APIs being added in future so developers don't have to escape to native development for high secure requirements. Channel binding is required by a couple of protocols, including but not limited to the SCRAM SASL mechanism family[3]. Cheers, Tobias [1] http://tools.ietf.org/html/rfc5929#section-3.1 [2] http://www.ietf.org/mail-archive/web/kitten/current/msg02765.html [3] http://tools.ietf.org/html/rfc5802 -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
