On Sun, Jan 10, 2021 at 02:44:38PM +0000, Jeremy Harris wrote: > Hi, > > What is the status of SSL_get_finidhed() / SSL_get_peer_finished() ? > > I do not find them documented at > https://urldefense.com/v3/__https://www.openssl.org/docs/manmaster/man3/__;!!GjvTz_vk!FUYwEktTkE4ZmFeJKSFeBQe32kr0I0dcFxh_MkPMjns_JZ71rpQTYGbTm08g6w$ > > but they are exported by the library and seem to be required, for > application channel-binding. Current recommendations are not to use the finished message as the channel binding but instead to define key exporter label for the given usage (see https://tools.ietf.org/html/rfc8446#section-7.5), using SSL_export_keying_material(). -Ben
