Submit a PR

--
Senior Architect, Akamai Technologies
IM: [email protected] Twitter: RichSalz

From: Bill Cox [mailto:[email protected]]
Sent: Wednesday, March 30, 2016 3:07 AM
To: [email protected]
Subject: [openssl-dev] Token binding as a custom extension

Hi.  I implemented the token binding TLS negotiation extension in BoringSSL 
using the OpenSSL custom extension API.  AFAIK, there are no current examples 
of any custom extensions in the OpenSSL code base.  Is this correct?  While my 
ulterior motive is to promote token binding (Google pays me to work on token 
binding), would the OpenSSL devs find it useful to have a token binding 
extension as an example of how to use the OpenSSL custom extension API?

If so, there is one problem still in the OpenSSL custom extension API, which 
was a 1-line fix in BoringSSL.  The server currently checks if the handshake is 
a resume, and if so, does not send custom extensions.  This check can easily be 
done in the custom extensions, and having it hard-coded makes the custom 
extension API impossible to use for extensions like token binding that require 
the extension be sent from the server on a resume.  Would there be any interest 
in changing this behavior in the custom extension API to support more use cases 
like token binding?  It is a very simple change.  If you folks are interested, 
I'll submit a PR on GitHub.

Thanks,
Bill
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev