Change requests for 2 plugins: qca-ossl and qca-cyrus-sasl: - First plugin should have some API to return data from SSL_get_finished() - Second one should have some API to accept this data and also to push it down to cyrus-sasl https://paquier.xyz/postgresql-2/channel-binding-openssl/
Linked to RFC5929: Channel Bindings for TLS - https://tools.ietf.org/html/rfc5929 - https://www.iana.org/assignments/channel-binding-types/channel-binding-types.xhtml
I have done a ticket for RFC 9266: Channel Bindings for TLS 1.3: - https://bugs.kde.org/show_bug.cgi?id=476562 I think that you have seen the jabber.ru MITM: - https://notes.valdikss.org.ru/jabber.ru-mitm/ - https://snikket.org/blog/on-the-jabber-ru-mitm/ - https://www.devever.net/~hl/xmpp-incident - https://blog.jmp.chat/b/certwatch
Dear QCA team members, I wish you a Happy New Year 2024! After some comments, an email sent to security@qt.io, there is an important comment about my original ticket about Channel Binding and Qt, I think that you can do an answer here? You are impacted... - https://bugreports.qt.io/browse/QTBUG-77783?focusedId=768178&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-768178 Thanks in advance.
Why do you keep spamming bugs? There's 0 need to write the same comment here and in https://bugs.kde.org/show_bug.cgi?id=476562 The only thing you achieve by that is your reports being more ignored because of your behaviour