# HG changeset patch
# User Kim Alvefur
# Date 1659488786 -7200
# Node ID 9f27a2075e9e8e7678470f33ffea0c8c32f3cb45
# Parent e60c776b776093a4d34b2db32375c558a8de7f17
util.sasl.scram: Disable 'tls-unique' channel binding on TLS 1.3
See background in https://issues.prosody.im/1542
diff -r e60c776b7760 -r 9f27a2075e9e util/sasl/scram.lua
--- a/util/sasl/scram.lua Wed Aug 03 03:04:17 2022 +0200
+++ b/util/sasl/scram.lua Wed Aug 03 03:06:26 2022 +0200
@@ -37,7 +37,10 @@
 local function cb(conn)
 if conn:ssl() then
- if sock.getfinished then
+ local sock = conn:socket();
+ if sock.info and sock:info().protocol == "TLSv1.3" then
+ return false
+ elseif sock.getfinished then
 return "p=tls-unique", sock:getfinished();
 end
 end
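Review bot: The new TLS 1.3 branch returns `false`, while the no-TLS and no-`getfinished` paths still fall off the end and return nil, and nothing in the hunk says whether callers are meant to tell the two apart. That matters for SCRAM because the result presumably decides between a -PLUS mechanism and the gs2 flag sent without binding, which is what lets a client notice a stripped -PLUS offer; the caller is outside this hunk, so it is worth confirming it handles `false` as intended. A comment above the branch would record the reason, e.g. `-- 'tls-unique' is undefined for TLS 1.3 (RFC 9266 defines 'tls-exporter' instead); false = no binding available`. Separately, `sock:info().protocol` indexes the result without a nil check; if this is a LuaSec socket, `sock:info("protocol")` would avoid an error should `info()` return nil. The body of `cb` continues past the end of the hunk.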