Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SCRAM-SHA-*-PLUS channel binding in PHP streams (e.g., tls-unique, tls-exporter) #16766

Open
fabiang opened this issue Nov 12, 2024 · 5 comments
Open

Add support for SCRAM-SHA-*-PLUS channel binding in PHP streams (e.g., tls-unique, tls-exporter) #16766

fabiang opened this issue Nov 12, 2024 · 5 comments
Labels
Category: Streams Extension: openssl Feature Status: Needs Triage

Comments

@fabiang
Copy link

fabiang commented Nov 12, 2024
edited
Loading

Description

Hello,

I'm the maintainer of the fabiang/sasl library, which implements various SASL mechanisms. Since many SASL mechanisms have been deprecated over the years due to security issues, I am interested in improving the security of the SCRAM-SHA-* SASL mechanisms.

The SCRAM-SHA-*-PLUS mechanisms offer better security through channel binding. The recommended channel binding types are:

  • tls-unique for TLS <= 1.2
  • tls-server-end-point
  • tls-exporter for TLS >= 1.3

Currently, PHP lacks support for channel binding, as no API is exposed to access data from the underlying secure socket. Additionally, more and more server software is adding support for channel binding.

For example, Python:

To enable this in PHP, a simple API to retrieve channel binding data from a stream context would be beneficial.

A potential function could:

  • return data from OpenSSL's SSL_get_peer_finished when channel binding is set to "tls-unique" and TLS 1.2 is used,
  • use OpenSSL's SSL_export_keying_material when channel binding is set to "tls-exporter" and TLS <= 1.3 is used,
  • trigger a warning when "tls-unique" is used with TLS 1.3,
  • and trigger an error if the stream or context is not a TLS connection.

(Note: "tls-exporter" should also be supported on TLS 1.2 connections.)

stream_crypto_channel_binding(resource $stream_or_context, string $channel_binding_type): string;

Making this function compatible with both streams and contexts should cover all use cases.

Thank you.
@fabiang fabiang mentioned this issue Nov 12, 2024
Open
@Neustradamus
Copy link

@fabiang: Thanks for your ticket, a lot of PHP projects wait the solution to add -PLUS variants.

@Neustradamus
Copy link

Dear @php team,

Have you progressed on this ticket?

@bukka
Copy link
Member

bukka commented Jan 19, 2025

There are still bunch of open bug for tls streams so I won't be probably able to get to it anytime soon but if someone else creates a PR containing tests, I should be able to review it.

@Neustradamus
Copy link

@bukka: Thanks for your answer!

It is always possible to work on it before to solve all other bugs?

This feature is very important and permit to have more security...

@Neustradamus Neustradamus mentioned this issue Feb 3, 2025
Open
@Neustradamus
Copy link

@bukka: For your information, the recent Dovecot 2.4.0 has SCRAM-SHA-1-PLUS/SCRAM-SHA-256-PLUS supports in more SCRAM-SHA-1/SCRAM-SHA-256. It arrives after Exim, indimail-mta, msmtp, mpop, ...

About PHP, SCRAM has been added in, people wait for -PLUS variants:

  • PEAR Auth_SASL/Auth_SASL2/Net_SMTP (used by a lot of projects like Roundcube etc.)
  • SnappyMail
  • SquirelMail
  • Horde

Linked to:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Category: Streams Extension: openssl Feature Status: Needs Triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Neustradamus @bukka @fabiang @cmb69