--- old/src/java.base/share/classes/sun/security/ssl/Handshaker.java	2017-10-06 17:48:35.565246904 -0300
+++ new/src/java.base/share/classes/sun/security/ssl/Handshaker.java	2017-10-06 17:48:35.467246962 -0300
@@ -225,6 +225,10 @@
             Debug.getBooleanProperty(
                 "jdk.tls.rejectClientInitiatedRenegotiation", false);
 
+    // To switch off the extended_master_secret extension.
+    static final boolean useExtendedMasterSecretExtension =
+            Debug.getBooleanProperty("jsse.useExtendedMasterSecret", true);
+
     // need to dispose the object when it is invalidated
     boolean invalidated;
 
@@ -1276,10 +1280,15 @@
         int prfHashLength = prf.getPRFHashLength();
         int prfBlockSize = prf.getPRFBlockSize();
 
+        byte[] sessionHash = null;
+        if (session.getUseExtendedMasterSecret()){
+            sessionHash = handshakeHash.getFinishedHash();
+        }
+
         @SuppressWarnings("deprecation")
         TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
                 preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
-                clnt_random.random_bytes, svr_random.random_bytes,
+                clnt_random.random_bytes, svr_random.random_bytes, sessionHash,
                 prfHashAlg, prfHashLength, prfBlockSize);
 
         try {