Dear PostgreSQL team, dear all, In 2022, I have contacted PostgreSQL team about Channel Binding: - https://www.postgresql.org/search/?m=1&q=tls-exporter&l=&d=-1&s=i
We are in 2025, I relaunch the subject because several developers always say me: "it is not supported by PostgreSQL". Can you add the support of RFC 9266: Channel Bindings for TLS 1.3? - https://datatracker.ietf.org/doc/html/rfc9266 Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929 - XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html - XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html - XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html - XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html Little details, to know easily: - tls-unique for TLS =< 1.2 (RFC5929) - tls-server-end-point =< 1.2 + 1.3 (RFC5929) - tls-exporter for TLS = 1.3 (RFC9266) After the jabber.ru MITM, it is time to add it: - https://notes.valdikss.org.ru/jabber.ru-mitm/ - https://snikket.org/blog/on-the-jabber-ru-mitm/ - https://www.devever.net/~hl/xmpp-incident - https://blog.jmp.chat/b/certwatch/certwatch Linked to: - Channel Binding: https://github.com/scram-sasl/info/issues/1 Thanks in advance. Regards, Neustradamus
