Overview#
Channel Bindings for TLS (
RFC 5929) defines three
Channel Binding Types (
RFC 5056) for Transport Layer Security (TLS)
tls-server-end-point Channel Binding Type#
The
hash of the
TLS server's
certificate RFC 5280 as it appears, octet for octet, in the server's
Certificate message.
Note that the Certificate message contains a certificate_list, in which the first element is the server's certificate.
The hash function is to be selected as follows:
tls-unique Channel Binding Type#
The first
TLS-Finished message sent (note: the
TLS-Finished struct, not the
TLS Record Protocol message containing it) in the most recent
TLS Handshake of the TLS connection being bound to (note: TLS connection, not session, so that the channel binding is specific to each connection regardless of whether session resumption is used).
tls-unique-for-telnet Channel Binding Type#
There is a proposal for adding a "
StartTLS" extension to
TELNET, and a
Channel Binding extension for the various
TELNET AUTH mechanisms whereby each side sends the other a "checksum"
MAC (
Message Authentication Code) of their view of the channel's bindings.
The client uses the TLS Finished messages (note: the Finished struct) sent by the client and server, each concatenated in that order and in their cleartext form, of the first TLS handshake to which the connection is being bound. The server does the same but in the opposite concatenation order (server, then client).
There might be more information for this subject on one of the following: