RFC 9266: Channel Bindings for TLS 1.3 support
* Neustradamus * <neustradamus@hotmail.com>
From: * Neustradamus * <neustradamus@hotmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-20T20:58:54Z
Lists: pgsql-hackers
Dear PostgreSQL team, dear all, In 2022, I have contacted PostgreSQL team about Channel Binding: - https://www.postgresql.org/search/?m=1&q=tls-exporter&l=&d=-1&s=i We are in 2025, I relaunch the subject because several developers always say me: "it is not supported by PostgreSQL". Can you add the support of RFC 9266: Channel Bindings for TLS 1.3? - https://datatracker.ietf.org/doc/html/rfc9266 Channel Bindings for TLS: https://datatracker.ietf.org/doc/html/rfc5929 - XEP-0388: Extensible SASL Profile: https://xmpp.org/extensions/xep-0388.html - XEP-0440: SASL Channel-Binding Type Capability: https://xmpp.org/extensions/xep-0440.html - XEP-0474: SASL SCRAM Downgrade Protection: https://xmpp.org/extensions/xep-0474.html - XEP-0480: SASL Upgrade Tasks: https://xmpp.org/extensions/xep-0480.html Little details, to know easily: - tls-unique for TLS =< 1.2 (RFC5929) - tls-server-end-point =< 1.2 + 1.3 (RFC5929) - tls-exporter for TLS = 1.3 (RFC9266) After the jabber.ru MITM, it is time to add it: - https://notes.valdikss.org.ru/jabber.ru-mitm/ - https://snikket.org/blog/on-the-jabber-ru-mitm/ - https://www.devever.net/~hl/xmpp-incident - https://blog.jmp.chat/b/certwatch/certwatch Linked to: - Channel Binding: https://github.com/scram-sasl/info/issues/1 Thanks in advance. Regards, Neustradamus