Here are a handful I found while digging around online. I don't know how much ground this covers in terms of XMPP clients and servers, but since tls-unique isn't supported everywhere and this is a specific mechanism built into TLS for channel binding it seems like it's a better fit either way:
- Go crypto/tls: https://golang.org/pkg/crypto/tls/#ConnectionState.ExportKeyingMaterial
- Java BouncyCastle: https://www.bouncycastle.org/docs/tlsdocs1.5on/org/bouncycastle/tls/TlsContext.html#exportKeyingMaterial-java.lang.String-byte:A-int-
- OpenSSL: https://www.openssl.org/docs/man1.1.1/man3/SSL_export_keying_material.html
- Rust's rustls: https://docs.rs/rustls/0.17.0/rustls/trait.Session.html#tymethod.export_keying_material

This page also shows a handful: https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Extensions

For Java's built-in TLS stuff (and the similar APIs on Android) I had trouble finding information (I find the Java ecosystem's docs incredibly hard to navigate, and they don't appear to do SEO very well either). I found a project (using Java 8, so maybe outdated?) that seemed to be implementing it themselves (I guess Java's APIs let you get at the master secret, so with that you can do all the hashing yourself). So it is possible, but maybe not built in.

On Wed, May 6, 2020, at 11:32, Daniel Gultsch wrote:
> As I understand it the TLS implementation needs to support rfc5705 for
> this to work. Do you happen to know if this is the case for some of
> the more popular libraries?

--
Sam Whited
_______________________________________________
Standards mailing list
Info: https://mail.jabber.org/mailman/listinfo/standards
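An added example, not part of the original message: a Go program that calls the `ConnectionState.ExportKeyingMaterial` API linked above on both ends of one TLS connection, which is the value a channel-binding mechanism would compare. The label, the throwaway self-signed certificate and the in-memory pipe are assumptions made for the demonstration; the thread does not name a label.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Constructed label; RFC 5705 leaves labels beginning "EXPERIMENTAL" unregistered.
const label = "EXPERIMENTAL-example-channel-binding"

// exportBoth handshakes over an in-memory pipe and exports from both endpoints.
func exportBoth(context []byte) (cli, srv []byte, err error) {
	pub, priv, kerr := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, cerr := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err = errors.Join(kerr, cerr); err != nil {
		return nil, nil, err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
	cp, sp := net.Pipe()
	defer func() { cp.Close(); sp.Close() }()
	// Tickets are disabled so no post-handshake record is left unread on the unbuffered pipe.
	s := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{cert}, SessionTicketsDisabled: true})
	// Verification is skipped only because the peer is this throwaway self-signed certificate.
	c := tls.Client(cp, &tls.Config{InsecureSkipVerify: true})
	done := make(chan error, 1)
	go func() { done <- s.Handshake() }()
	if err = c.Handshake(); err != nil {
		return nil, nil, err
	}
	if err = <-done; err != nil {
		return nil, nil, err
	}
	cs, ss := c.ConnectionState(), s.ConnectionState()
	cli, e1 := cs.ExportKeyingMaterial(label, context, 32)
	srv, e2 := ss.ExportKeyingMaterial(label, context, 32)
	return cli, srv, errors.Join(e1, e2)
}

func main() {
	c, s, err := exportBoth(nil)
	fmt.Printf("client %x\nserver %x\nerr %v\n", c, s, err)
}
```

Both endpoints print the same 32 bytes, and a second connection yields a different value, which is what ties an authentication exchange to one specific TLS channel.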
