--- old/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java 2017-10-06 17:48:34.529247520 -0300
+++ new/src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java 2017-10-06 17:48:34.429247579 -0300
@@ -777,7 +777,8 @@
 && (type != ExtensionType.EXT_ALPN)
 && (type != ExtensionType.EXT_RENEGOTIATION_INFO)
 && (type != ExtensionType.EXT_STATUS_REQUEST)
- && (type != ExtensionType.EXT_STATUS_REQUEST_V2)) {
+ && (type != ExtensionType.EXT_STATUS_REQUEST_V2)
+ && (type != ExtensionType.EXT_EXTENDED_MASTER_SECRET)) {
 // Note: Better to check client requested extensions rather
 // than all supported extensions.
 fatalSE(Alerts.alert_unsupported_extension,
@@ -796,6 +797,35 @@
 if (debug != null && Debug.isOn("handshake")) {
 System.out.println("** " + cipherSuite);
 }
+
+ if (useExtendedMasterSecretExtension) {
+ // check Extended Master Secret extension
+ ExtendedMasterSecretExtension extendedMasterSecretExtension = (ExtendedMasterSecretExtension)
+ mesg.extensions.get(ExtensionType.EXT_EXTENDED_MASTER_SECRET);
+ if (extendedMasterSecretExtension != null) {
+ if (resumingSession) {
+ if (!session.getUseExtendedMasterSecret()) {
+ // Full-handshake was not using Extended Master Secret
+ // However, Extended Master Secret was received on
+ // session resumption.
+ throw new SSLHandshakeException(
+ "Unexpected Extended Master Secret extension on session resumption");
+ }
+ } else {
+ session.setUseExtendedMasterSecret();
+ }
+ } else {
+ if (resumingSession) {
+ if (session.getUseExtendedMasterSecret()) {
+ // Full-handshake was using Extended Master Secret
+ // However, Extended Master Secret was not received
+ // on session resumption.
+ throw new SSLHandshakeException(
+ "Extended Master Secret extension missing on session resumption");
+ }
+ }
+ }
+ }
 }
 /*
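Review bot: Adding `EXT_EXTENDED_MASTER_SECRET` to this list accepts the extension in a ServerHello even when the client never offered it, for example when `useExtendedMasterSecretExtension` is false, in which case the check added in the next hunk is skipped entirely. The existing comment already says that checking the client-requested extensions would be better; for this extension that could be done by recording that the ClientHello carried it and rejecting an unsolicited one with `alert_unsupported_extension`. The condition starts above the hunk, so the full list of accepted types is not visible here.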
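Review bot: Both resumption mismatches in the added block are raised with a bare `throw new SSLHandshakeException(...)`, whereas the extension check in the previous hunk goes through `fatalSE(Alerts.alert_unsupported_extension, ...)`; whether the peer receives a fatal alert on this path depends on handling outside the hunk. RFC 7627 requires the client to abort the handshake in both cases, so I would make the alert explicit with `fatalSE(Alerts.alert_handshake_failure, "Extended Master Secret extension missing on session resumption");` and the same for the other message. Separately, on a full handshake where the server omits the extension the code continues with the legacy master secret without any log line or policy switch; a message under `Debug.isOn("handshake")` and a way to require the extension would let a deployment notice and refuse that fallback. The enclosing method starts and ends outside the hunk.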
@@ -1539,6 +1569,15 @@ clientHelloMessage.addSignatureAlgorithmsExtension(localSignAlgs); } + // add Extended Master Secret extension + if (useExtendedMasterSecretExtension) { + if (maxProtocolVersion.useTLS10PlusSpec()) { + if (!resumingSession || session.getUseExtendedMasterSecret()) { + clientHelloMessage.addExtendedMasterSecretExtension(); + } + } + } + // add server_name extension if (enableSNIExtension) { if (session != null) {
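Review bot: The new guard uses `resumingSession` to decide whether a session is being offered for resumption, while the server_name code directly below tests `session != null`, apparently to detect a cached session; it is worth confirming that `resumingSession` is already meaningful when the ClientHello is built, since its assignment is not visible in this hunk. If it is still false at this point, the extension is sent even while offering a session that was established without Extended Master Secret, and `session.getUseExtendedMasterSecret()` is never consulted. Testing the cached session directly, `if (session == null || session.getUseExtendedMasterSecret()) {`, would match the surrounding code. The three nested `if`s can also be folded into a single condition. The enclosing method starts and ends outside the hunk.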