Software / code / verse
Changeset
454:9f27a2075e9e
util.sasl.scram: Disable 'tls-unique' channel binding on TLS 1.3
See background in https://issues.prosody.im/1542
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 03 Aug 2022 03:06:26 +0200 |
| parents | 453:e60c776b7760 |
| children | 455:753d6983dc45 |
| files | util/sasl/scram.lua |
| diffstat | 1 files changed, 4 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/util/sasl/scram.lua Wed Aug 03 03:04:17 2022 +0200 +++ b/util/sasl/scram.lua Wed Aug 03 03:06:26 2022 +0200 @@ -37,7 +37,10 @@ local function cb(conn) if conn:ssl() then - if sock.getfinished then + local sock = conn:socket(); + if sock.info and sock:info().protocol == "TLSv1.3" then + return false + elseif sock.getfinished then return "p=tls-unique", sock:getfinished(); end end
