Replies: 1 comment
'tls-unique' is not available in TLS 1.3. See https://datatracker.ietf.org/doc/rfc9266/ for an overview. Presumably switching to 'tls-exporter' for TLS 1.3 (or perhaps TLS 1.2 also) is the upgrade path, but it's not currently possible in BCJSSE to get that channel binding the way you describe above (see #1535).
I can use the BC JSSE provider to get the tls-unique value in TLS 1.2, with code like:

```java
SSLContext ctx = SSLContext.getInstance("TLS", BouncyCastleJsseProvider.PROVIDER_NAME);
ctx.init(...);
SSLSocketFactory sf = ctx.getSocketFactory();
SSLSocket so = (SSLSocket)sf.createSocket();
so.connect(new InetSocketAddress("www.baidu.com", 443));
...
BCSSLConnection con = ((BCSSLSocket)so).getConnection();
byte[] tlsUnique = con.getChannelBinding("tls-unique");
```

But when I changed the host to tls13.1d.pw, the tlsUnique returned is null.

Is there something wrong in my code?

Thanks.
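An added example, not part of the original posts or of Bouncy Castle's own code: a caller that needs `tls-unique` can check the negotiated protocol and fail closed when the binding comes back null, instead of continuing without channel binding. The class and method names (`TlsUniqueCheck`, `requireTlsUnique`) are hypothetical, and the `ctx.init(null, null, null)` default trust settings and the command-line host argument are assumptions.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.Security;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.BCSSLConnection;
import org.bouncycastle.jsse.BCSSLSocket;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class TlsUniqueCheck {

    /** Returns the tls-unique value, or throws rather than handing null to the caller. */
    static byte[] requireTlsUnique(SSLSocket so) throws IOException {
        so.startHandshake();                              // the binding only exists after the handshake
        String protocol = so.getSession().getProtocol();  // e.g. "TLSv1.2" or "TLSv1.3"
        BCSSLConnection con = ((BCSSLSocket) so).getConnection();
        byte[] tlsUnique = (con == null) ? null : con.getChannelBinding("tls-unique");
        if (tlsUnique == null) {
            // Expected when TLS 1.3 was negotiated: tls-unique is not available there (see RFC 9266).
            throw new IOException("no tls-unique channel binding on a " + protocol
                    + " connection; refusing to continue without a binding");
        }
        return tlsUnique;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new BouncyCastleJsseProvider());
        SSLContext ctx = SSLContext.getInstance("TLS", BouncyCastleJsseProvider.PROVIDER_NAME);
        ctx.init(null, null, null);                       // assumption: default key and trust managers
        String host = args[0];                            // assumption: host name passed on the command line
        try (SSLSocket so = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            so.connect(new InetSocketAddress(host, 443));
            try {
                byte[] binding = requireTlsUnique(so);
                System.out.println(so.getSession().getProtocol()
                        + ": tls-unique is " + binding.length + " bytes");
            } catch (IOException e) {
                System.out.println("binding unavailable: " + e.getMessage());
            }
        }
    }
}
```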