< prev index next >
src/java.base/share/classes/sun/security/ssl/Handshaker.java
Print this page
@@ -223,10 +223,14 @@
// By default, allow client initiated renegotiations.
static final boolean rejectClientInitiatedRenego =
Debug.getBooleanProperty(
"jdk.tls.rejectClientInitiatedRenegotiation", false);
+ // To switch off the extended_master_secret extension.
+ static final boolean useExtendedMasterSecretExtension =
+ Debug.getBooleanProperty("jsse.useExtendedMasterSecret", true);
+
// need to dispose the object when it is invalidated
boolean invalidated;
/*
* Is this an instance for Datagram Transport Layer Security (DTLS)?
@@ -1274,14 +1278,19 @@
String prfHashAlg = prf.getPRFHashAlg();
int prfHashLength = prf.getPRFHashLength();
int prfBlockSize = prf.getPRFBlockSize();
+ byte[] sessionHash = null;
+ if (session.getUseExtendedMasterSecret()){
+ sessionHash = handshakeHash.getFinishedHash();
+ }
+
@SuppressWarnings("deprecation")
TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
- clnt_random.random_bytes, svr_random.random_bytes,
+ clnt_random.random_bytes, svr_random.random_bytes, sessionHash,
prfHashAlg, prfHashLength, prfBlockSize);
try {
KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
kg.init(spec);
< prev index next >