src/jdk.security.jgss/share/classes/com/sun/security/sasl/gsskerb/GssKrb5Client.java

@@ -33,10 +33,11 @@
 
 // JAAS
 import javax.security.auth.callback.CallbackHandler;
 
 // JGSS
+import sun.security.jgss.krb5.internal.TlsChannelBindingImpl;
 import org.ietf.jgss.*;
 
 /**
  * Implements the GSSAPI SASL client mechanism for Kerberos V5.
  * (<A HREF="http://www.ietf.org/rfc/rfc2222.txt">RFC 2222</A>,

@@ -148,10 +149,18 @@
                     mutual = "true".equalsIgnoreCase(prop);
                 }
             }
             secCtx.requestMutualAuth(mutual);
 
+            if (props != null) {
+                // TLS Channel Binding
+                byte[] tlsCB = (byte[])props.get("jdk.internal.sasl.tlschannelbinding");
+                if (tlsCB != null) {
+                    secCtx.setChannelBinding(new TlsChannelBindingImpl(tlsCB));
+                }
+            }
+
             // Always specify potential need for integrity and confidentiality
             // Decision will be made during final handshake
             secCtx.requestConf(true);
             secCtx.requestInteg(true);