On 08/05/2014 06:24 PM, Simo Sorce wrote:
> I have been working for a little while on making it possible to use
> channel bindings within an Apache server.
> In order to do that some support to extract information from the TLS
> layer is necessary in the server.

This is a great idea, but be aware that tls_unique is fundamentally broken in its current form:

http://secure-resumption.com/

This will be fixed with an update to TLS, which was recently approved for adoption by the TLS WG:

https://tools.ietf.org/html/draft-bhargavan-tls-session-hash-01

but I don't think it's implemented in any of the major toolkits yet.

--dkg