Bug 476562

Summary: RFC 9266: Channel Bindings for TLS 1.3
Product: [Frameworks and Libraries] qca Reporter: Neustradamus <Neustradamus>
Component: generalAssignee: Unassigned bugs <unassigned-bugs-null>
Status: REPORTED ---    
Severity: critical CC: aacid, bradh, drizt72, justin, rion4ik
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Other   
OS: Other   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Neustradamus 2023-11-05 00:39:07 UTC 
Can you add the support of RFC 9266: Channel Bindings for TLS 1.3?
- https://datatracker.ietf.org/doc/html/rfc9266

Little details, to know easily:
- tls-unique for TLS =< 1.2
- tls-server-end-point
- tls-exporter for TLS = 1.3

I think that you have seen the jabber.ru MITM:
- https://notes.valdikss.org.ru/jabber.ru-mitm/
- https://snikket.org/blog/on-the-jabber-ru-mitm/
- https://www.devever.net/~hl/xmpp-incident
- https://blog.jmp.chat/b/certwatch

Thanks in advance.

Linked to:
- https://bugs.kde.org/show_bug.cgi?id=411184
Comment 1 Neustradamus 2024-01-15 18:03:23 UTC 
Dear QCA team members,

I wish you a Happy New Year 2024!

After some comments, an email sent to security@qt.io, there is an important comment about my original ticket about Channel Binding and Qt, I think that you can do an answer here? You are impacted...
- https://bugreports.qt.io/browse/QTBUG-77783?focusedId=768178&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-768178

Thanks in advance.