New GitHub issue #95341 from davidben:<br>

<hr>

<pre>
CPython's `get_channel_binding` method implements the tls-unique channel binding for TLS 1.3:
https://github.com/python/cpython/blob/main/Lib/test/test_ssl.py#L671-L681
https://github.com/python/cpython/blob/main/Modules/_ssl.c#L2705

But this is incorrect. tls-unique is vulnerable to a couple of attacks ([3SHAKE](https://www.mitls.org/pages/attacks/3SHAKE), [SLOTH](https://www.mitls.org/pages/attacks/SLOTH)), so it was [left undefined](https://datatracker.ietf.org/doc/html/rfc8446#appendix-C.5) in TLS 1.3. [RFC 9266](https://datatracker.ietf.org/doc/html/rfc9266) defines a replacement tls-exporter binding, built with Export Keying Material instead.
</pre>

<hr>

<a href="https://github.com/python/cpython/issues/95341">View on GitHub</a>
<p>Labels: type-bug</p>
<p>Assignee: </p>