changeset
util.sasl.scram: Disable 'tls-unique' channel binding on TLS 1.3
Wed, 03 Aug 2022 03:06:26 +0200
- author
- Kim Alvefur <zash@zash.se>
- date
- Wed, 03 Aug 2022 03:06:26 +0200
- changeset 454
- 9f27a2075e9e
- parent 453
- e60c776b7760
- child 455
- 753d6983dc45
util.sasl.scram: Disable 'tls-unique' channel binding on TLS 1.3
See background in https://issues.prosody.im/1542
| util/sasl/scram.lua | file | annotate | diff | comparison | revisions |
--- a/util/sasl/scram.lua Wed Aug 03 03:04:17 2022 +0200 +++ b/util/sasl/scram.lua Wed Aug 03 03:06:26 2022 +0200 @@ -37,7 +37,10 @@ local function cb(conn) if conn:ssl() then - if sock.getfinished then + local sock = conn:socket(); + if sock.info and sock:info().protocol == "TLSv1.3" then + return false + elseif sock.getfinished then return "p=tls-unique", sock:getfinished(); end end
