Channel Bindings for TLS


Channel Bindings for TLS (RFC 5929) defines three Channel Binding Types (RFC 5056) for Transport Layer Security (TLS)

tls-server-end-point Channel Binding Type#

The hash of the TLS server's certificate RFC 5280 as it appears, octet for octet, in the server's Certificate message.

Note that the Certificate message contains a certificate_list, in which the first element is the server's certificate.

The hash function is to be selected as follows:

tls-unique Channel Binding Type#

The first TLS-Finished message sent (note: the TLS-Finished struct, not the TLS Record Protocol message containing it) in the most recent TLS Handshake of the TLS connection being bound to (note: TLS connection, not session, so that the channel binding is specific to each connection regardless of whether session resumption is used).

tls-unique-for-telnet Channel Binding Type#

There is a proposal for adding a "StartTLS" extension to TELNET, and a Channel Binding extension for the various TELNET AUTH mechanisms whereby each side sends the other a "checksum" MAC (Message Authentication Code) of their view of the channel's bindings.

The client uses the TLS Finished messages (note: the Finished struct) sent by the client and server, each concatenated in that order and in their cleartext form, of the first TLS handshake to which the connection is being bound. The server does the same but in the opposite concatenation order (server, then client).

More Information#

There might be more information for this subject on one of the following: