Hi,

today I read [1] that Microsoft finally added support for TLS Extended
Master Secret Extension to their SSL implementation (SChannel).

The author was so kind to provide a test script [2] to check if your
own servers support TLS Extended Master Secret extension yet.

Looks like my servers don't support TLS Extended Master Secret
extension yet. This lead me to the question when OpenSSL will add
support for this extensions or if it is my fault. I am using

  nginx/1.9.6 build against OpenSSL 1.0.2d 9 Jul 2015

from source.

Looks like there was already a contribution [3] which was already
reviewed in some ways [4].

Any status update would be nice.


[1] 
http://www.tripwire.com/state-of-security/security-data-protection/security-hardening/tls-extended-master-secret-extension-fixing-a-hole-in-tls/

[2] https://github.com/Tripwire-VERT/TLS_Extended_Master_Checker

[3] 
https://github.com/alfredopironti/openssl/commit/5339db9ec81727456f7edb86aab186e7deefe819

[4] 
http://openssl.6102.n7.nabble.com/PATCH-Fix-for-Triple-Handshake-attacks-via-extended-master-secret-td50058.html


Regards,
Igor
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to