< prev index next >

src/java.base/share/classes/sun/security/ssl/Handshaker.java

Print this page

        

@@ -223,10 +223,14 @@
     // By default, allow client initiated renegotiations.
     static final boolean rejectClientInitiatedRenego =
             Debug.getBooleanProperty(
                 "jdk.tls.rejectClientInitiatedRenegotiation", false);
 
+    // To switch off the extended_master_secret extension.
+    static final boolean useExtendedMasterSecretExtension =
+            Debug.getBooleanProperty("jsse.useExtendedMasterSecret", true);
+
     // need to dispose the object when it is invalidated
     boolean invalidated;
 
     /*
      * Is this an instance for Datagram Transport Layer Security (DTLS)?

@@ -1274,14 +1278,19 @@
 
         String prfHashAlg = prf.getPRFHashAlg();
         int prfHashLength = prf.getPRFHashLength();
         int prfBlockSize = prf.getPRFBlockSize();
 
+        byte[] sessionHash = null;
+        if (session.getUseExtendedMasterSecret()){
+            sessionHash = handshakeHash.getFinishedHash();
+        }
+
         @SuppressWarnings("deprecation")
         TlsMasterSecretParameterSpec spec = new TlsMasterSecretParameterSpec(
                 preMasterSecret, (majorVersion & 0xFF), (minorVersion & 0xFF),
-                clnt_random.random_bytes, svr_random.random_bytes,
+                clnt_random.random_bytes, svr_random.random_bytes, sessionHash,
                 prfHashAlg, prfHashLength, prfBlockSize);
 
         try {
             KeyGenerator kg = JsseJce.getKeyGenerator(masterAlg);
             kg.init(spec);
< prev index next >