I think the version of openssl is it. A quick grep through the code it appears that openssl 1.1.1 supports extended master secret but openssl 1.0.2 does not. Interestingly you cannot turn off extended master secret in 1.1.1. The SSL_OP_NO_EXTENDED_MASTER_SECRET option doesn't appear until openssl 3.
On Wed, Jul 15, 2020 at 4:38 AM supraja sridhar <[email protected]> wrote: > Hello, > Yes, I am using ATS 7.1.1 with openssl 1.0.2 version. The client supports > the extended master secret extension. Could the openssl version be an issue? > > On Tue, Jul 14, 2020 at 5:45 PM Susan Hinrichs <[email protected]> > wrote: > >> Yes, I believe it should. ATS doesn't set SSL_OP_NO_EXTENDED_MASTER_SECRET, >> and the default is for that feature to be enabled. >> >> Are you having problems with session reuse? Perhaps the client does not >> support the Extended Master secret? >> >> Susan >> >> On Tue, Jul 14, 2020 at 1:26 AM supraja sridhar < >> [email protected]> wrote: >> >>> Hello, >>> >>> Does ATS 7.x support session ticket reuse in the presence of Extended >>> Master secret extension in the handshake ? >>> >>> Thanks >>> Supraja >>> >> > > -- > Regards, > S.SUPRAJA > MIT >
