474 SSLConfiguration.useExtendedMasterSecret) {
475
476 boolean isEmsAvailable = chc.sslConfig.isAvailable(
477 SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
478 if (isEmsAvailable && !session.useExtendedMasterSecret &&
479 !SSLConfiguration.allowLegacyResumption) {
480 // perform full handshake instead
481 //
482 // The client SHOULD NOT offer an abbreviated handshake
483 // to resume a session that does not use an extended
484 // master secret. Instead, it SHOULD offer a full
485 // handshake.
486 session = null;
487 }
488
489 if ((session != null) &&
490 !ClientHandshakeContext.allowUnsafeServerCertChange) {
491 // It is fine to move on with abbreviate handshake if
492 // endpoint identification is enabled.
493 String identityAlg = chc.sslConfig.identificationProtocol;
494 if ((identityAlg == null || identityAlg.length() == 0)) {
495 if (isEmsAvailable) {
496 if (!session.useExtendedMasterSecret) {
497 // perform full handshake instead
498 session = null;
499 } // Otherwise, use extended master secret.
500 } else {
501 // The extended master secret extension does not
502 // apply to SSL 3.0. Perform a full handshake
503 // instead.
504 //
505 // Note that the useExtendedMasterSecret is
506 // extended to protect SSL 3.0 connections,
507 // by discarding abbreviate handshake.
508 session = null;
509 }
510 }
511 }
512 }
513
514 // ensure that the endpoint identification algorithm matches the
|
474 SSLConfiguration.useExtendedMasterSecret) {
475
476 boolean isEmsAvailable = chc.sslConfig.isAvailable(
477 SSLExtension.CH_EXTENDED_MASTER_SECRET, sessionVersion);
478 if (isEmsAvailable && !session.useExtendedMasterSecret &&
479 !SSLConfiguration.allowLegacyResumption) {
480 // perform full handshake instead
481 //
482 // The client SHOULD NOT offer an abbreviated handshake
483 // to resume a session that does not use an extended
484 // master secret. Instead, it SHOULD offer a full
485 // handshake.
486 session = null;
487 }
488
489 if ((session != null) &&
490 !ClientHandshakeContext.allowUnsafeServerCertChange) {
491 // It is fine to move on with abbreviate handshake if
492 // endpoint identification is enabled.
493 String identityAlg = chc.sslConfig.identificationProtocol;
494 if (identityAlg == null || identityAlg.isEmpty()) {
495 if (isEmsAvailable) {
496 if (!session.useExtendedMasterSecret) {
497 // perform full handshake instead
498 session = null;
499 } // Otherwise, use extended master secret.
500 } else {
501 // The extended master secret extension does not
502 // apply to SSL 3.0. Perform a full handshake
503 // instead.
504 //
505 // Note that the useExtendedMasterSecret is
506 // extended to protect SSL 3.0 connections,
507 // by discarding abbreviate handshake.
508 session = null;
509 }
510 }
511 }
512 }
513
514 // ensure that the endpoint identification algorithm matches the