author | wetmore |
Tue, 15 May 2018 10:48:19 -0700 | |
branch | JDK-8145252-TLS13-branch |
changeset 56557 | daa34bd1c8dc |
parent 56542 | 56aaa6cb3693 |
child 56559 | a423173d0578 |
permissions | -rw-r--r-- |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
1 |
/* |
56557 | 2 |
* Copyright (c) 2017, Red Hat, Inc. and/or its affiliates. |
3 |
* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved. |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
4 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
5 |
* |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
6 |
* This code is free software; you can redistribute it and/or modify it |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
7 |
* under the terms of the GNU General Public License version 2 only, as |
48373
f9152f462cbc
8193758: Update copyright headers of files in src tree that are missing Classpath exception
alanb
parents:
48225
diff
changeset
|
8 |
* published by the Free Software Foundation. Oracle designates this |
f9152f462cbc
8193758: Update copyright headers of files in src tree that are missing Classpath exception
alanb
parents:
48225
diff
changeset
|
9 |
* particular file as subject to the "Classpath" exception as provided |
f9152f462cbc
8193758: Update copyright headers of files in src tree that are missing Classpath exception
alanb
parents:
48225
diff
changeset
|
10 |
* by Oracle in the LICENSE file that accompanied this code. |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
11 |
* |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
12 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
13 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
14 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
15 |
* version 2 for more details (a copy is included in the LICENSE file that |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
16 |
* accompanied this code). |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
17 |
* |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
18 |
* You should have received a copy of the GNU General Public License version |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
19 |
* 2 along with this work; if not, write to the Free Software Foundation, |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
20 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
21 |
* |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
22 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
23 |
* or visit www.oracle.com if you need additional information or have any |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
24 |
* questions. |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
25 |
*/ |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
26 |
|
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
27 |
package sun.security.ssl; |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
28 |
|
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
29 |
import java.io.IOException; |
56542 | 30 |
import java.nio.ByteBuffer; |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
31 |
import javax.net.ssl.SSLProtocolException; |
56542 | 32 |
import static sun.security.ssl.SSLConfiguration.allowLegacyMasterSecret; |
33 |
import static sun.security.ssl.SSLConfiguration.allowLegacyResumption; |
|
34 |
import static sun.security.ssl.SSLExtension.CH_EXTENDED_MASTER_SECRET; |
|
35 |
import sun.security.ssl.SSLExtension.ExtensionConsumer; |
|
36 |
import static sun.security.ssl.SSLExtension.SH_EXTENDED_MASTER_SECRET; |
|
37 |
import sun.security.ssl.SSLExtension.SSLExtensionSpec; |
|
38 |
import sun.security.ssl.SSLHandshake.HandshakeMessage; |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
39 |
|
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
40 |
/** |
56542 | 41 |
* Pack of the "extended_master_secret" extensions [RFC 5746]. |
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
42 |
*/ |
56542 | 43 |
final class ExtendedMasterSecretExtension { |
44 |
static final HandshakeProducer chNetworkProducer = |
|
45 |
new CHExtendedMasterSecretProducer(); |
|
46 |
static final ExtensionConsumer chOnLoadConcumer = |
|
47 |
new CHExtendedMasterSecretConsumer(); |
|
48 |
static final HandshakeAbsence chOnLoadAbsence = |
|
49 |
new CHExtendedMasterSecretAbsence(); |
|
50 |
||
51 |
static final HandshakeProducer shNetworkProducer = |
|
52 |
new SHExtendedMasterSecretProducer(); |
|
53 |
static final ExtensionConsumer shOnLoadConcumer = |
|
54 |
new SHExtendedMasterSecretConsumer(); |
|
55 |
static final HandshakeAbsence shOnLoadAbsence = |
|
56 |
new SHExtendedMasterSecretAbsence(); |
|
57 |
||
58 |
static final SSLStringize emsStringize = |
|
59 |
new ExtendedMasterSecretStringize(); |
|
60 |
||
61 |
/** |
|
62 |
* The "extended_master_secret" extension. |
|
63 |
*/ |
|
64 |
static final class ExtendedMasterSecretSpec implements SSLExtensionSpec { |
|
65 |
// A nominal object that does not holding any real renegotiation info. |
|
66 |
static final ExtendedMasterSecretSpec NOMINAL = |
|
67 |
new ExtendedMasterSecretSpec(); |
|
68 |
||
69 |
private ExtendedMasterSecretSpec() { |
|
70 |
// blank |
|
71 |
} |
|
72 |
||
73 |
private ExtendedMasterSecretSpec(ByteBuffer m) throws IOException { |
|
74 |
// Parse the extension. |
|
75 |
if (m.hasRemaining()) { |
|
76 |
throw new SSLProtocolException( |
|
77 |
"Invalid extended_master_secret extension data: " + |
|
78 |
"not empty"); |
|
79 |
} |
|
80 |
} |
|
81 |
||
82 |
@Override |
|
83 |
public String toString() { |
|
84 |
return "<empty>"; |
|
85 |
} |
|
86 |
} |
|
87 |
||
88 |
private static final |
|
89 |
class ExtendedMasterSecretStringize implements SSLStringize { |
|
90 |
@Override |
|
91 |
public String toString(ByteBuffer buffer) { |
|
92 |
try { |
|
93 |
return (new ExtendedMasterSecretSpec(buffer)).toString(); |
|
94 |
} catch (IOException ioe) { |
|
95 |
// For debug logging only, so please swallow exceptions. |
|
96 |
return ioe.getMessage(); |
|
97 |
} |
|
98 |
} |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
99 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
100 |
|
56542 | 101 |
/** |
102 |
* Network data producer of a "extended_master_secret" extension in |
|
103 |
* the ClientHello handshake message. |
|
104 |
*/ |
|
105 |
private static final |
|
106 |
class CHExtendedMasterSecretProducer implements HandshakeProducer { |
|
107 |
// Prevent instantiation of this class. |
|
108 |
private CHExtendedMasterSecretProducer() { |
|
109 |
// blank |
|
110 |
} |
|
111 |
||
112 |
@Override |
|
113 |
public byte[] produce(ConnectionContext context, |
|
114 |
HandshakeMessage message) throws IOException { |
|
115 |
// The producing happens in client side only. |
|
116 |
ClientHandshakeContext chc = (ClientHandshakeContext)context; |
|
117 |
||
118 |
// Is it a supported and enabled extension? |
|
119 |
if (!chc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET)) { |
|
120 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
121 |
SSLLogger.fine( |
|
122 |
"Ignore unavailable extended_master_secret extension"); |
|
123 |
} |
|
124 |
||
125 |
return null; |
|
126 |
} |
|
127 |
||
128 |
if (chc.handshakeSession == null || |
|
129 |
chc.handshakeSession.useExtendedMasterSecret) { |
|
130 |
byte[] extData = new byte[0]; |
|
131 |
chc.handshakeExtensions.put(CH_EXTENDED_MASTER_SECRET, |
|
132 |
ExtendedMasterSecretSpec.NOMINAL); |
|
133 |
||
134 |
return extData; |
|
135 |
} |
|
136 |
||
137 |
return null; |
|
138 |
} |
|
139 |
} |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
140 |
|
56542 | 141 |
/** |
142 |
* Network data producer of a "extended_master_secret" extension in |
|
143 |
* the ServerHello handshake message. |
|
144 |
*/ |
|
145 |
private static final |
|
146 |
class CHExtendedMasterSecretConsumer implements ExtensionConsumer { |
|
147 |
// Prevent instantiation of this class. |
|
148 |
private CHExtendedMasterSecretConsumer() { |
|
149 |
// blank |
|
150 |
} |
|
151 |
||
152 |
@Override |
|
153 |
public void consume(ConnectionContext context, |
|
154 |
HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
155 |
||
156 |
// The comsuming happens in server side only. |
|
157 |
ServerHandshakeContext shc = (ServerHandshakeContext)context; |
|
158 |
||
159 |
// Is it a supported and enabled extension? |
|
160 |
if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET)) { |
|
161 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
162 |
SSLLogger.fine("Ignore unavailable extension: " + |
|
163 |
CH_EXTENDED_MASTER_SECRET.name); |
|
164 |
} |
|
165 |
return; // ignore the extension |
|
166 |
} |
|
167 |
||
168 |
// Parse the extension. |
|
169 |
ExtendedMasterSecretSpec spec; |
|
170 |
try { |
|
171 |
spec = new ExtendedMasterSecretSpec(buffer); |
|
172 |
} catch (IOException ioe) { |
|
173 |
shc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe); |
|
174 |
return; // fatal() always throws, make the compiler happy. |
|
175 |
} |
|
176 |
||
177 |
if (shc.isResumption && shc.resumingSession != null && |
|
178 |
!shc.resumingSession.useExtendedMasterSecret) { |
|
179 |
// For abbreviated handshake request, If the original |
|
180 |
// session did not use the "extended_master_secret" |
|
181 |
// extension but the new ClientHello contains the |
|
182 |
// extension, then the server MUST NOT perform the |
|
183 |
// abbreviated handshake. Instead, it SHOULD continue |
|
184 |
// with a full handshake. |
|
185 |
shc.isResumption = false; |
|
186 |
shc.resumingSession = null; |
|
187 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
188 |
SSLLogger.fine( |
|
189 |
"abort session resumption which did not use " + |
|
190 |
"Extended Master Secret extension"); |
|
191 |
} |
|
192 |
} |
|
193 |
||
194 |
// Update the context. |
|
195 |
// |
|
196 |
shc.handshakeExtensions.put( |
|
197 |
CH_EXTENDED_MASTER_SECRET, ExtendedMasterSecretSpec.NOMINAL); |
|
198 |
||
199 |
// No impact on session resumption. |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
200 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
201 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
202 |
|
56542 | 203 |
/** |
204 |
* The absence processing if a "extended_master_secret" extension is |
|
205 |
* not present in the ClientHello handshake message. |
|
206 |
*/ |
|
207 |
private static final |
|
208 |
class CHExtendedMasterSecretAbsence implements HandshakeAbsence { |
|
209 |
@Override |
|
210 |
public void absent(ConnectionContext context, |
|
211 |
HandshakeMessage message) throws IOException { |
|
212 |
// The producing happens in server side only. |
|
213 |
ServerHandshakeContext shc = (ServerHandshakeContext)context; |
|
214 |
||
215 |
// Is it a supported and enabled extension? |
|
216 |
if (!shc.sslConfig.isAvailable(CH_EXTENDED_MASTER_SECRET)) { |
|
217 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
218 |
SSLLogger.fine("Ignore unavailable extension: " + |
|
219 |
CH_EXTENDED_MASTER_SECRET.name); |
|
220 |
} |
|
221 |
return; // ignore the extension |
|
222 |
} |
|
223 |
||
224 |
if (!allowLegacyMasterSecret) { |
|
225 |
// For full handshake, if the server receives a ClientHello |
|
226 |
// without the extension, it SHOULD abort the handshake if |
|
227 |
// it does not wish to interoperate with legacy clients. |
|
228 |
// |
|
229 |
// As if extended master extension is required for full |
|
230 |
// handshake, it MUST be used in abbreviated handshake too. |
|
231 |
shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
232 |
"Extended Master Secret extension is required"); |
|
233 |
} |
|
234 |
||
235 |
if (shc.isResumption && shc.resumingSession != null) { |
|
236 |
if (shc.resumingSession.useExtendedMasterSecret) { |
|
237 |
// For abbreviated handshake request, if the original |
|
238 |
// session used the "extended_master_secret" extension |
|
239 |
// but the new ClientHello does not contain it, the |
|
240 |
// server MUST abort the abbreviated handshake. |
|
241 |
shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
242 |
"Missing Extended Master Secret extension " + |
|
243 |
"on session resumption"); |
|
244 |
} else { |
|
245 |
// For abbreviated handshake request, if neither the |
|
246 |
// original session nor the new ClientHello uses the |
|
247 |
// extension, the server SHOULD abort the handshake. |
|
248 |
if (!allowLegacyResumption) { |
|
249 |
shc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
250 |
"Missing Extended Master Secret extension " + |
|
251 |
"on session resumption"); |
|
252 |
} else { // Otherwise, continue with a full handshake. |
|
253 |
shc.isResumption = false; |
|
254 |
shc.resumingSession = null; |
|
255 |
if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) { |
|
256 |
SSLLogger.fine( |
|
257 |
"abort session resumption, " + |
|
258 |
"missing Extended Master Secret extension"); |
|
259 |
} |
|
260 |
} |
|
261 |
} |
|
262 |
} |
|
263 |
} |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
264 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
265 |
|
56542 | 266 |
/** |
267 |
* Network data producer of a "extended_master_secret" extension in |
|
268 |
* the ServerHello handshake message. |
|
269 |
*/ |
|
270 |
private static final |
|
271 |
class SHExtendedMasterSecretProducer implements HandshakeProducer { |
|
272 |
// Prevent instantiation of this class. |
|
273 |
private SHExtendedMasterSecretProducer() { |
|
274 |
// blank |
|
275 |
} |
|
276 |
||
277 |
@Override |
|
278 |
public byte[] produce(ConnectionContext context, |
|
279 |
HandshakeMessage message) throws IOException { |
|
280 |
// The producing happens in server side only. |
|
281 |
ServerHandshakeContext shc = (ServerHandshakeContext)context; |
|
282 |
||
283 |
if (shc.handshakeSession.useExtendedMasterSecret) { |
|
284 |
byte[] extData = new byte[0]; |
|
285 |
shc.handshakeExtensions.put(SH_EXTENDED_MASTER_SECRET, |
|
286 |
ExtendedMasterSecretSpec.NOMINAL); |
|
287 |
||
288 |
return extData; |
|
289 |
} |
|
290 |
||
291 |
return null; |
|
292 |
} |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
293 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
294 |
|
56542 | 295 |
/** |
296 |
* Network data consumer of a "extended_master_secret" extension in |
|
297 |
* the ServerHello handshake message. |
|
298 |
*/ |
|
299 |
private static final |
|
300 |
class SHExtendedMasterSecretConsumer implements ExtensionConsumer { |
|
301 |
// Prevent instantiation of this class. |
|
302 |
private SHExtendedMasterSecretConsumer() { |
|
303 |
// blank |
|
304 |
} |
|
305 |
||
306 |
@Override |
|
307 |
public void consume(ConnectionContext context, |
|
308 |
HandshakeMessage message, ByteBuffer buffer) throws IOException { |
|
309 |
// The producing happens in client side only. |
|
310 |
ClientHandshakeContext chc = (ClientHandshakeContext)context; |
|
311 |
||
312 |
// In response to the client extended_master_secret extension |
|
313 |
// request, which is mandatory for ClientHello message. |
|
314 |
ExtendedMasterSecretSpec requstedSpec = (ExtendedMasterSecretSpec) |
|
315 |
chc.handshakeExtensions.get(CH_EXTENDED_MASTER_SECRET); |
|
316 |
if (requstedSpec == null) { |
|
317 |
chc.conContext.fatal(Alert.UNSUPPORTED_EXTENSION, |
|
318 |
"Server sent the extended_master_secret " + |
|
319 |
"extension improperly"); |
|
320 |
} |
|
321 |
||
322 |
// Parse the extension. |
|
323 |
ExtendedMasterSecretSpec spec; |
|
324 |
try { |
|
325 |
spec = new ExtendedMasterSecretSpec(buffer); |
|
326 |
} catch (IOException ioe) { |
|
327 |
chc.conContext.fatal(Alert.UNEXPECTED_MESSAGE, ioe); |
|
328 |
return; // fatal() always throws, make the compiler happy. |
|
329 |
} |
|
330 |
||
331 |
if (chc.isResumption && chc.resumingSession != null && |
|
332 |
!chc.resumingSession.useExtendedMasterSecret) { |
|
333 |
chc.conContext.fatal(Alert.UNSUPPORTED_EXTENSION, |
|
334 |
"Server sent an unexpected extended_master_secret " + |
|
335 |
"extension on session resumption"); |
|
336 |
} |
|
337 |
||
338 |
// Update the context. |
|
339 |
chc.handshakeExtensions.put( |
|
340 |
SH_EXTENDED_MASTER_SECRET, ExtendedMasterSecretSpec.NOMINAL); |
|
341 |
||
342 |
// No impact on session resumption. |
|
343 |
} |
|
344 |
} |
|
345 |
||
346 |
/** |
|
347 |
* The absence processing if a "extended_master_secret" extension is |
|
348 |
* not present in the ServerHello handshake message. |
|
349 |
*/ |
|
350 |
private static final |
|
351 |
class SHExtendedMasterSecretAbsence implements HandshakeAbsence { |
|
352 |
@Override |
|
353 |
public void absent(ConnectionContext context, |
|
354 |
HandshakeMessage message) throws IOException { |
|
355 |
// The producing happens in client side only. |
|
356 |
ClientHandshakeContext chc = (ClientHandshakeContext)context; |
|
357 |
||
358 |
if (SSLConfiguration.useExtendedMasterSecret |
|
359 |
&& !SSLConfiguration.allowLegacyMasterSecret) { |
|
360 |
// For full handshake, if a client receives a ServerHello |
|
361 |
// without the extension, it SHOULD abort the handshake if |
|
362 |
// it does not wish to interoperate with legacy servers. |
|
363 |
chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
364 |
"Extended Master Secret extension is required"); |
|
365 |
} |
|
366 |
||
367 |
if (chc.isResumption && chc.resumingSession != null) { |
|
368 |
if (chc.resumingSession.useExtendedMasterSecret) { |
|
369 |
// For abbreviated handshake, if the original session used |
|
370 |
// the "extended_master_secret" extension but the new |
|
371 |
// ServerHello does not contain the extension, the client |
|
372 |
// MUST abort the handshake. |
|
373 |
chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
374 |
"Missing Extended Master Secret extension " + |
|
375 |
"on session resumption"); |
|
376 |
} else if (SSLConfiguration.useExtendedMasterSecret && |
|
377 |
!SSLConfiguration.allowLegacyResumption) { |
|
378 |
// Unlikely, abbreviated handshake should be discarded. |
|
379 |
chc.conContext.fatal(Alert.HANDSHAKE_FAILURE, |
|
380 |
"Extended Master Secret extension is required"); |
|
381 |
} |
|
382 |
} |
|
383 |
} |
|
48225
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
384 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
385 |
} |
718669e6b375
8148421: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
xuelei
parents:
diff
changeset
|
386 |