476 SSLConfiguration.useExtendedMasterSecret) {
477
478 boolean isEmsAvailable = chc.sslConfig.isAvailable(
479 SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
480 if (isEmsAvailable && !session.useExtendedMasterSecret &&
481 !SSLConfiguration.allowLegacyResumption) {
482 // perform full handshake instead
483 //
484 // The client SHOULD NOT offer an abbreviated handshake
485 // to resume a session that does not use an extended
486 // master secret. Instead, it SHOULD offer a full
487 // handshake.
488 session = null;
489 }
490
491 if ((session != null) &&
492 !ClientHandshakeContext.allowUnsafeServerCertChange) {
493 // It is fine to move on with abbreviate handshake if
494 // endpoint identification is enabled.
495 String identityAlg = chc.sslConfig.identificationProtocol;
496 if ((identityAlg == null || identityAlg.length() == 0)) {
497 if (isEmsAvailable) {
498 if (!session.useExtendedMasterSecret) {
499 // perform full handshake instead
500 session = null;
501 } // Otherwise, use extended master secret.
502 } else {
503 // The extended master secret extension does not
504 // apply to SSL 3.0. Perform a full handshake
505 // instead.
506 //
507 // Note that the useExtendedMasterSecret is
508 // extended to protect SSL 3.0 connections,
509 // by discarding abbreviate handshake.
510 session = null;
511 }
512 }
513 }
514 }
515
516 // ensure that the endpoint identification algorithm matches the
|
476 SSLConfiguration.useExtendedMasterSecret) {
477
478 boolean isEmsAvailable = chc.sslConfig.isAvailable(
479 SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
480 if (isEmsAvailable && !session.useExtendedMasterSecret &&
481 !SSLConfiguration.allowLegacyResumption) {
482 // perform full handshake instead
483 //
484 // The client SHOULD NOT offer an abbreviated handshake
485 // to resume a session that does not use an extended
486 // master secret. Instead, it SHOULD offer a full
487 // handshake.
488 session = null;
489 }
490
491 if ((session != null) &&
492 !ClientHandshakeContext.allowUnsafeServerCertChange) {
493 // It is fine to move on with abbreviate handshake if
494 // endpoint identification is enabled.
495 String identityAlg = chc.sslConfig.identificationProtocol;
496 if (identityAlg == null || identityAlg.isEmpty()) {
497 if (isEmsAvailable) {
498 if (!session.useExtendedMasterSecret) {
499 // perform full handshake instead
500 session = null;
501 } // Otherwise, use extended master secret.
502 } else {
503 // The extended master secret extension does not
504 // apply to SSL 3.0. Perform a full handshake
505 // instead.
506 //
507 // Note that the useExtendedMasterSecret is
508 // extended to protect SSL 3.0 connections,
509 // by discarding abbreviate handshake.
510 session = null;
511 }
512 }
513 }
514 }
515
516 // ensure that the endpoint identification algorithm matches the
|
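Review bot: The inner `!session.useExtendedMasterSecret` test at new-side line 498 has no comment saying when it can still be true, given that the check at lines 480-481 has already dropped non-EMS sessions unless `allowLegacyResumption` is set. From the visible lines, setting `allowLegacyResumption` alone does not let a non-EMS session resume: the client also needs endpoint identification configured or `allowUnsafeServerCertChange` enabled, and that interaction is what a reader auditing the resumption policy needs spelled out. I would add above line 498: `// Only true here when allowLegacyResumption is set; with no endpoint identification the non-EMS session is still discarded.` The comment at lines 493-494 could also say "abbreviated handshake" to match lines 484-485. The enclosing `if` begins before line 476, outside this hunk.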