
src/java.base/share/classes/sun/security/ssl/ServerHandshaker.java


        

@@ -848,10 +848,39 @@
 
         if (protocolVersion.useTLS12PlusSpec()) {
             handshakeHash.setFinishedAlg(cipherSuite.prfAlg.getPRFHashAlg());
         }
 
+        if (useExtendedMasterSecretExtension) {
+            // check Extended Master Secret extension
+            ExtendedMasterSecretExtension extendedMasterSecretExtension = (ExtendedMasterSecretExtension)
+                    mesg.extensions.get(ExtensionType.EXT_EXTENDED_MASTER_SECRET);
+            if (extendedMasterSecretExtension != null) {
+                if (resumingSession) {
+                    if (!session.getUseExtendedMasterSecret()) {
+                        // Full-handshake was not using Extended Master Secret
+                        // However, Extended Master Secret was received on 
+                        // session resumption.
+                        throw new SSLHandshakeException(
+                                "Unexpected Extended Master Secret extension on session resumption");
+                    }                
+                } else {
+                    session.setUseExtendedMasterSecret();
+                }
+            } else {
+                if (resumingSession) {
+                    if (session.getUseExtendedMasterSecret()) {
+                        // Full-handshake was using Extended Master Secret
+                        // However, Extended Master Secret was not received
+                        // on session resumption.
+                        throw new SSLHandshakeException(
+                                "Extended Master Secret extension missing on session resumption");
+                    }
+                }
+            }
+        }
+
         m1.cipherSuite = cipherSuite;
         m1.sessionId = session.getSessionId();
         m1.compression_method = session.getCompression();
 
         if (secureRenegotiation) {
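Review bot: In the resumption branch at `if (!session.getUseExtendedMasterSecret())`, the server aborts with an SSLHandshakeException when a client offers extended_master_secret for a session that was established without it, but RFC 7627 section 5.3 asks the server not to resume in that case and to continue with a full handshake instead. Aborting is safe but will fail clients that gained the extension after the cached session was created; falling back would mean undoing the resumption decision and creating a fresh session, which presumably happens earlier in this method, outside the hunk. The opposite legacy case, where neither the cached session nor this ClientHello uses the extension, passes through the `else` branch and is resumed without any check, so those connections keep a master secret that is not bound to the handshake transcript; if that is intended for interoperability, say so with a comment such as `// legacy resumption without EMS is allowed for interoperability (RFC 7627, 5.3)`. Both new failures are raised with a bare `throw`, and whether a fatal alert reaches the peer depends on the caller, which is not visible here.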

@@ -884,10 +913,16 @@
             //
             // Otherwise, use the same value as the requested extension.
             m1.extensions.add(maxFragLenExt);
         }
 
+        if (useExtendedMasterSecretExtension) {
+            if (session.getUseExtendedMasterSecret()) {
+                m1.extensions.add(new ExtendedMasterSecretExtension());
+            }
+        }
+
         StaplingParameters staplingParams = processStapling(mesg);
         if (staplingParams != null) {
             // We now can safely assert status_request[_v2] in our
             // ServerHello, and know for certain that we can provide
             // responses back to this client for this connection.
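Review bot: Whether the ServerHello carries extended_master_secret is decided here from `session.getUseExtendedMasterSecret()` alone, not from whether this ClientHello offered the extension, which is only correct because the earlier check in this method rejects a resumed session whose flag disagrees with the ClientHello. A server must not answer with an extension the client did not send, so that dependency deserves a comment, e.g. `// session flag matches the ClientHello here: mismatches on resumption were rejected above`. The two nested conditions can also be folded into `if (useExtendedMasterSecretExtension && session.getUseExtendedMasterSecret()) {`. The enclosing method starts and ends outside the hunk.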