aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/msg_client_hello.cpp
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2016-01-03 18:27:44 -0500
committerJack Lloyd <[email protected]>2016-01-03 18:27:44 -0500
commit2713825275950737441a063b8ea8df25981d53b1 (patch)
tree652ce64b676ab10f1a3161d92e9d398a2abf8298 /src/lib/tls/msg_client_hello.cpp
parent4658f3094d652a012c29837910aef89788654b55 (diff)
Add extended master secret extension (RFC 7627) to TLS
Interop tested with mbed TLS
Diffstat (limited to 'src/lib/tls/msg_client_hello.cpp')
-rw-r--r--src/lib/tls/msg_client_hello.cpp10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/tls/msg_client_hello.cpp b/src/lib/tls/msg_client_hello.cpp
index ce20d6781..fffb321d6 100644
--- a/src/lib/tls/msg_client_hello.cpp
+++ b/src/lib/tls/msg_client_hello.cpp
@@ -1,6 +1,6 @@
/*
* TLS Hello Request and Client Hello Messages
-* (C) 2004-2011,2015 Jack Lloyd
+* (C) 2004-2011,2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -80,6 +80,7 @@ Client_Hello::Client_Hello(Handshake_IO& io,
m_suites(policy.ciphersuite_list(m_version, (srp_identifier != ""))),
m_comp_methods(policy.compression())
{
+ m_extensions.add(new Extended_Master_Secret);
m_extensions.add(new Renegotiation_Extension(reneg_info));
m_extensions.add(new SRP_Identifier(srp_identifier));
m_extensions.add(new Server_Name_Indicator(hostname));
@@ -130,6 +131,13 @@ Client_Hello::Client_Hello(Handshake_IO& io,
if(!value_exists(m_comp_methods, session.compression_method()))
m_comp_methods.push_back(session.compression_method());
+ /*
+ We always add the EMS extension, even if not used in the original session.
+ If the server understands it and follows the RFC it should reject our resume
+ attempt and upgrade us to a new session with the EMS protection.
+ */
+ m_extensions.add(new Extended_Master_Secret);
+
m_extensions.add(new Renegotiation_Extension(reneg_info));
m_extensions.add(new SRP_Identifier(session.srp_identifier()));
m_extensions.add(new Server_Name_Indicator(session.server_info().hostname()));