< prev index next >
src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java
Print this page
@@ -848,10 +848,39 @@
if (protocolVersion.useTLS12PlusSpec()) {
handshakeHash.setFinishedAlg(cipherSuite.prfAlg.getPRFHashAlg());
}
+ if (useExtendedMasterSecretExtension) {
+ // check Extended Master Secret extension
+ ExtendedMasterSecretExtension extendedMasterSecretExtension = (ExtendedMasterSecretExtension)
+ mesg.extensions.get(ExtensionType.EXT_EXTENDED_MASTER_SECRET);
+ if (extendedMasterSecretExtension != null) {
+ if (resumingSession) {
+ if (!session.getUseExtendedMasterSecret()) {
+ // Full-handshake was not using Extended Master Secret
+ // However, Extended Master Secret was received on
+ // session resumption.
+ throw new SSLHandshakeException(
+ "Unexpected Extended Master Secret extension on session resumption");
+ }
+ } else {
+ session.setUseExtendedMasterSecret();
+ }
+ } else {
+ if (resumingSession) {
+ if (session.getUseExtendedMasterSecret()) {
+ // Full-handshake was using Extended Master Secret
+ // However, Extended Master Secret was not received
+ // on session resumption.
+ throw new SSLHandshakeException(
+ "Extended Master Secret extension missing on session resumption");
+ }
+ }
+ }
+ }
+
m1.cipherSuite = cipherSuite;
m1.sessionId = session.getSessionId();
m1.compression_method = session.getCompression();
if (secureRenegotiation) {
@@ -884,10 +913,16 @@
//
// Otherwise, use the same value as the requested extension.
m1.extensions.add(maxFragLenExt);
}
+ if (useExtendedMasterSecretExtension) {
+ if (session.getUseExtendedMasterSecret()) {
+ m1.extensions.add(new ExtendedMasterSecretExtension());
+ }
+ }
+
StaplingParameters staplingParams = processStapling(mesg);
if (staplingParams != null) {
// We now can safely assert status_request[_v2] in our
// ServerHello, and know for certain that we can provide
// responses back to this client for this connection.
< prev index next >