Remove channel binding workarounds.

Servers should rather upgrade to a version where these issues are fixed than working around in this library.
mdosch · Nov 6, 2023 · 6fd0e54 · 6fd0e54
1 parent 10c26c8
commit 6fd0e54
Showing 1 changed file with 4 additions and 26 deletions.
diff --git a/xmpp.go b/xmpp.go
@@ -471,32 +471,10 @@ func (c *Client) init(o *Options) error {
 				tlsState := tlsConn.ConnectionState()
 				switch tlsState.Version {
 				case tls.VersionTLS13:
-					// Some ejabberd versions do not support "tls-exporter" but do channel
-					// binding for TLSv1.3 using "tls-unique". This will work around the
-					// issue.
-					for _, cb := range f.ChannelBinding.ChannelBinding {
-						if cb.Type == "tls-exporter" {
-							tls13 = true
-							keyingMaterial, err = tlsState.ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32)
-							if err != nil {
-								return err
-							}
-						}
-						// Use "tls-unique" if "tls-exporter" is not supported.
-						if !tls13 {
-							keyingMaterial = tlsState.TLSUnique
-						}
-					}
-					// Metronome also uses "tls-unique" instead of "tls-exporter"
-					// when TLSv1.3 is used but doesn't report the supported channel binding
-					// methods. Therefore assume "tls-exporter" which is the correct channel
-					// binding method for TLSv1.3 in this case.
-					if len(f.ChannelBinding.ChannelBinding) == 0 {
-						tls13 = true
-						keyingMaterial, err = tlsState.ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32)
-						if err != nil {
-							return err
-						}
+					tls13 = true
+					keyingMaterial, err = tlsState.ExportKeyingMaterial("EXPORTER-Channel-Binding", nil, 32)
+					if err != nil {
+						return err
 					}
 				case tls.VersionTLS10, tls.VersionTLS11, tls.VersionTLS12:
 					keyingMaterial = tlsState.TLSUnique