src/java.base/share/classes/sun/security/ssl/ClientHandshaker.java
@@ -775,11 +775,12 @@
&& (type != ExtensionType.EXT_EC_POINT_FORMATS)
&& (type != ExtensionType.EXT_SERVER_NAME)
&& (type != ExtensionType.EXT_ALPN)
&& (type != ExtensionType.EXT_RENEGOTIATION_INFO)
&& (type != ExtensionType.EXT_STATUS_REQUEST)
- && (type != ExtensionType.EXT_STATUS_REQUEST_V2)) {
+ && (type != ExtensionType.EXT_STATUS_REQUEST_V2)
+ && (type != ExtensionType.EXT_EXTENDED_MASTER_SECRET)) {
// Note: Better to check client requested extensions rather
// than all supported extensions.
fatalSE(Alerts.alert_unsupported_extension,
"Server sent an unsupported extension: " + type);
}
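Review bot: Adding `EXT_EXTENDED_MASTER_SECRET` to this allowlist accepts the extension from the server even when this client never offered it, which is the weaker check the existing "check client requested extensions" comment already warns about. The handling added in the next hunk sits entirely inside `if (useExtendedMasterSecretExtension)`, so with the feature off an unsolicited extension is silently ignored. With the feature on, the full-handshake branch calls `session.setUseExtendedMasterSecret()` even though the ClientHello hunk omits the extension when `maxProtocolVersion` is below TLS 1.0. I would record whether the ClientHello carried the extension and treat the type as supported only then, e.g. `&& (type != ExtensionType.EXT_EXTENDED_MASTER_SECRET || !requestedExtendedMasterSecret)) {`, where `requestedExtendedMasterSecret` is a new field set next to `addExtendedMasterSecretExtension()`. The enclosing loop starts outside this hunk.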
@@ -794,10 +795,39 @@
session.setMaximumPacketSize(maximumPacketSize);
setHandshakeSessionSE(session);
if (debug != null && Debug.isOn("handshake")) {
System.out.println("** " + cipherSuite);
}
+
+ if (useExtendedMasterSecretExtension) {
+ // check Extended Master Secret extension
+ ExtendedMasterSecretExtension extendedMasterSecretExtension = (ExtendedMasterSecretExtension)
+ mesg.extensions.get(ExtensionType.EXT_EXTENDED_MASTER_SECRET);
+ if (extendedMasterSecretExtension != null) {
+ if (resumingSession) {
+ if (!session.getUseExtendedMasterSecret()) {
+ // Full-handshake was not using Extended Master Secret
+ // However, Extended Master Secret was received on
+ // session resumption.
+ throw new SSLHandshakeException(
+ "Unexpected Extended Master Secret extension on session resumption");
+ }
+ } else {
+ session.setUseExtendedMasterSecret();
+ }
+ } else {
+ if (resumingSession) {
+ if (session.getUseExtendedMasterSecret()) {
+ // Full-handshake was using Extended Master Secret
+ // However, Extended Master Secret was not received
+ // on session resumption.
+ throw new SSLHandshakeException(
+ "Extended Master Secret extension missing on session resumption");
+ }
+ }
+ }
+ }
}
/*
* Server's own key was either a signing-only key, or was too
* large for export rules ... this message holds an ephemeral
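Review bot: Both resumption mismatches are reported with a bare `throw new SSLHandshakeException(...)`, while the extension check in the previous hunk goes through `fatalSE(...)` with an explicit alert; whether the peer receives a fatal alert for the thrown exception depends on caller handling that is not visible here. For consistency I would use `fatalSE(Alerts.alert_handshake_failure, "Extended Master Secret extension missing on session resumption");` and the same form for the unexpected-extension case. Separately, a full handshake in which the server omits the extension falls through the empty `else` path with no trace, so the session keeps the legacy master secret derivation. A comment there such as `// server did not negotiate extended_master_secret: legacy master secret is used`, plus a line under the existing `Debug.isOn("handshake")` output, would make that downgrade visible. The method body starts outside the hunk.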
@@ -1537,10 +1567,19 @@
}
clientHelloMessage.addSignatureAlgorithmsExtension(localSignAlgs);
}
+ // add Extended Master Secret extension
+ if (useExtendedMasterSecretExtension) {
+ if (maxProtocolVersion.useTLS10PlusSpec()) {
+ if (!resumingSession || session.getUseExtendedMasterSecret()) {
+ clientHelloMessage.addExtendedMasterSecretExtension();
+ }
+ }
+ }
+
// add server_name extension
if (enableSNIExtension) {
if (session != null) {
requestedServerNames = session.getRequestedServerNames();
} else {
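Review bot: The offer decision keys on `resumingSession`, but the adjacent server_name code decides on `session != null`, and nothing in the hunk shows `resumingSession` being set before the ClientHello is built. If it is only set once the ServerHello arrives (to be confirmed against the rest of the class), `!resumingSession` is always true here and the extension is offered even alongside a cached session that was established without it. Testing the cached session directly avoids that, and also avoids a null dereference should `resumingSession` ever be true while `session` is null: `if (session == null || session.getUseExtendedMasterSecret()) {`. The two outer `if`s can also be merged into `if (useExtendedMasterSecretExtension && maxProtocolVersion.useTLS10PlusSpec()) {`. The enclosing method begins and ends outside the hunk.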
< prev index next >