mod_saslauth: Disable 'tls-unique' channel binding with TLS 1.3 (closes #1542)
The 'tls-unique' channel binding is undefined in TLS 1.3 according to a
single sentence in parenthesis in Apendix C of RFC 8446
This may trigger downgrade protection in clients that were expecting
channel binding to be available.
--- a/plugins/mod_saslauth.lua Mon Nov 23 20:38:51 2020 +0000
+++ b/plugins/mod_saslauth.lua Mon Nov 23 21:42:52 2020 +0100
@@ -252,7 +252,10 @@
-- FIXME: would be nice to have this check only once and not for every socket
if sasl_handler.add_cb_handler then
local socket = origin.conn:socket();
- if socket.getpeerfinished then
+ local info = socket.info and socket:info();
+ if info.protocol == "TLSv1.3" then
+ log("debug", "Channel binding 'tls-unique' undefined in context of TLS 1.3");
+ elseif socket.getpeerfinished then
sasl_handler:add_cb_handler("tls-unique", tls_unique);
end
sasl_handler["userdata"] = {