| author | Michael Brown | 2025-10-12 23:29:33 +0200 |
|---|---|---|
| committer | Michael Brown | 2025-10-13 00:25:09 +0200 |
| commit | 57504353febc61533e637f16ec6f933870b68ec9 (patch) | |
| tree | 98c1ccbb43ae0e1d5435047ad13f7ae4cbc1936b /src/include | |
| parent | [tls] Add support for the Extended Master Secret (diff) | |
[tls] Refuse to resume sessions with mismatched master secret methods
RFC 7627 section 5.3 states that the client must abort the handshake
if the server attempts to resume a session where the master secret
calculation method stored in the session does not match the method
used for the connection being resumed.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/include')
| -rw-r--r-- | src/include/ipxe/tls.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/include/ipxe/tls.h b/src/include/ipxe/tls.h
index 658a008f8..8ddc9c1be 100644
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -353,6 +353,8 @@ struct tls_session {
  size_t ticket_len;
  /** Master secret */
  uint8_t master_secret[48];
+ /** Extended master secret flag */
+ int extended_master_secret;
 
  /** List of connections */
  struct list_head conn;
|
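Review bot: The comment on the new `extended_master_secret` field does not say what the flag records or which stored value it belongs to, and a resumption check depends on exactly that. Going by the commit message, it appears to record how the cached `master_secret[48]` was calculated, so I would spell that out, e.g. `/** Extended master secret flag: non-zero if master_secret was derived using the RFC 7627 extended method */`. It is also worth stating that the flag must be written wherever `master_secret` is stored into the session, since a stale flag would make the RFC 7627 section 5.3 comparison check the wrong state. This view is limited to `src/include` and `struct tls_session` starts and ends outside the hunk, so I cannot confirm from here that the code using the field rejects a mismatch in both directions (session used the extended method but the resumed connection does not, and the reverse).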
