Re: Channel binding being attempted even when SCRAM PLUS not advertized

[Manvendra Bhangui]

On Tue, 16 Aug 2022 at 00:02, Simon Josefsson <simon@josefsson.org> wrote:
>
> Manvendra Bhangui <mbhangui@gmail.com> writes:
>
> > On Mon, 15 Aug 2022 at 23:36, Simon Josefsson <simon@josefsson.org> wrote:
> >>
> >> Manvendra Bhangui <mbhangui@gmail.com> writes:
> >>
> >> > I have recently added SCRAM-SHA-1, SCRAM-SHA-1-PLUS, SCRAM-SHA-256 and
> >> > SCRAM-SHA-256-PLUS, to my smtp daemon, using gsasl.
> >>
> >> Thank you!  Is indimail packaged for some distribution?
> >>
> > It is packaged officially for any distribution, but my users mostly
> > install it from openSUSE build service for most linux distributions or
> > use the docker images from github.
>
> Maybe it would be possible to integrate this into GitLab CI/CD... what
> is the name of the docker image?  Does it ship with recent gsasl?
>
I'm yet to merge the PR for SCRAM-*-PLUS into master and build the
docker image. The next release will have gsasl and support
tls-exporter. Hopefully it should be out before the end of this month.

The PR which has tls-exporter is
https://github.com/mbhangui/indimail-mta/pull/33
The docker images are at
https://hub.docker.com/r/cprogrammer/indimail-mta
and
https://github.com/mbhangui?tab=packages

>
> Both msmtp and GNU MailUtils uses gsasl, and while tls-exporter support
> may be missing right now, it shouldn't be hard to add it.
>
> Getting interop of all this working would be great -- I know the Exim
> folks are looking into this too.

I tried cyrus-sasl too. However I find using gsasl much easier and
better. It literally took few hours to make SCRAM-SHA-1 and
SCRAM-SHA-256 work.

For the PLUS variant it took me almost a week before I discovered the
openssl functions
SSL_get_peer_finished() and SSL_export_keying_material().

Now it works like a charm with gsasl.
-- 
Regards Manvendra - http://www.indimail.org
GPG Pub Key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC7CBC760014D250C