Hi, This is my proposal for JDK-8148421 (Support Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension) [1]:
* http://cr.openjdk.java.net/~sgehwolf/webrevs/mbalaoal/JDK-8148421/webrev.01/ (browse online) * http://cr.openjdk.java.net/~sgehwolf/webrevs/mbalaoal/JDK-8148421/webrev.01/8148421.webrev.01.zip (download) Notes: * There is no PKCS#11 support for Extended Master Secret key derivation at this moment. NSS supports it through a vendor-specific type definition (CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE and CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH in pkcs11n.h file). Thus, P11TlsMasterSecretGenerator uses the legacy Master Key Derivation method only. Thanks in advanced, Martin.- -- [1] - https://bugs.openjdk.java.net/browse/JDK-8148421
