I'd like to see a patch included in mod_ssl that enables handling of the token binding protocol as defined in the soon-to-be-RFC-ed:
The token binding functionality itself can be implemented in a 3rd party modules like
which depends on:
except that somehow mod_ssl somehow needs to call into the token binding implementation code to allow it to register itself for the Token Binding TLS extension. Patch 62599 does that, see:
However, that mod_ssl patch is not token binding specific and there may be a more generic way of enabling handling of TLS extensions in 3rd-party code, hence my request for a discussion/review.