[openssl-users] No TLS Extended Master Secret Extension (RFC7627) support yet?
Igor Sverkos
igor.sverkos at gmail.com
Wed Nov 11 21:53:46 UTC 2015
Hi,
Today I read [1] that Microsoft finally added support for the TLS Extended
Master Secret Extension to their SSL implementation (SChannel).
The author was kind enough to provide a test script [2] to check if your
own servers support the TLS Extended Master Secret extension yet.
Looks like my servers don't support the TLS Extended Master Secret
extension yet. This led me to the question of when OpenSSL will add
support for this extension, or if it is my fault. I am using
nginx/1.9.6 built against OpenSSL 1.0.2d 9 Jul 2015
from source.
Looks like there was already a contribution [3] which was already
reviewed in some ways [4].
Any status update would be nice.
[1] http://www.tripwire.com/state-of-security/security-data-protection/security-hardening/tls-extended-master-secret-extension-fixing-a-hole-in-tls/
[2] https://github.com/Tripwire-VERT/TLS_Extended_Master_Checker
[3] https://github.com/alfredopironti/openssl/commit/5339db9ec81727456f7edb86aab186e7deefe819
[4] http://openssl.6102.n7.nabble.com/PATCH-Fix-for-Triple-Handshake-attacks-via-extended-master-secret-td50058.html
Regards,
Igor