Do not allow dropping Extended Master Secret extension on renegotiaton
authorTomas Mraz <tmraz@fedoraproject.org>
Thu, 4 Jun 2020 09:40:29 +0000 (11:40 +0200)
committerTomas Mraz <tmraz@fedoraproject.org>
Thu, 11 Jun 2020 07:07:28 +0000 (09:07 +0200)
commit4b7097025305b219694dd8b04f84155cd12fb71d
treefdc4ebd34760e73c48f7906224481bd1a5371c4a
parent5bd03afcbe6e6fd7dba2d85d5c67a5a0140b4a7d
Do not allow dropping Extended Master Secret extension on renegotiaton

Abort renegotiation if server receives client hello with Extended Master
Secret extension dropped in comparison to the initial session.

Fixes #9754

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12099)
CHANGES
include/openssl/ssl3.h
ssl/statem/extensions.c