pages 178--183, available from
@url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}.
+@item @anchor{RFC9266}[RFC9266]
+S. Whited, "Channel Bindings for TLS 1.3",
+July 2022, available from @url{https://www.ietf.org/rfc/rfc9266.txt}.
+
@end table
In @acronym{GnuTLS} you can extract a channel binding using the
@funcref{gnutls_session_channel_binding} function. Currently only the
-type @code{GNUTLS_CB_TLS_UNIQUE} is supported, which corresponds to
-the @code{tls-unique} channel binding for TLS defined in
-@xcite{RFC5929}.
+following types are supported:
+
+@itemize
+@item @code{GNUTLS_CB_TLS_UNIQUE}: corresponds to the @code{tls-unique} channel binding for TLS defined in @xcite{RFC5929}
+@item @code{GNUTLS_CB_TLS_EXPORTER}: corresponds to the @code{tls-exporter} channel binding for TLS defined in @xcite{RFC9266}
+@end itemize
The following example describes how to print the channel binding data.
Note that it must be run after a successful TLS handshake.
url="https://www.ietf.org/rfc/rfc4418.txt",
}
+@misc{rfc9266,
+ series = {Request for Comments},
+ number = 9266,
+ howpublished = {RFC 9266},
+ publisher = {RFC Editor},
+ doi = {10.17487/RFC9266},
+ url = {https://www.rfc-editor.org/info/rfc9266},
+ author = {Sam Whited},
+ title = {{Channel Bindings for TLS 1.3}},
+ pagetotal = 7,
+ year = 2022,
+ month = jul,
+ abstract = {This document defines a channel binding type, tls-exporter, that is compatible with TLS 1.3 in accordance with RFC 5056, "On the Use of Channel Bindings to Secure Channels". Furthermore, it updates the default channel binding to the new binding for versions of TLS greater than 1.2. This document updates RFCs 5801, 5802, 5929, and 7677.},
+}
\ No newline at end of file
projects / thirdparty / gnutls.git / commitdiff
