[tls] Refuse to resume sessions with mismatched master secret methods

RFC 7627 section 5.3 states that the client must abort the handshake if the server attempts to resume a session where the master secret calculation method stored in the session does not match the method used for the connection being resumed. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-24 21:24:47 +03:00 · 2025-10-12 22:29:33 +01:00
parent ab64bc5b8d
commit 57504353fe
2 changed files with 15 additions and 0 deletions
--- a/src/include/ipxe/tls.h
+++ b/src/include/ipxe/tls.h
@@ -353,6 +353,8 @@ struct tls_session {
 	size_t ticket_len;
 	/** Master secret */
 	uint8_t master_secret[48];
+	/** Extended master secret flag */
+	int extended_master_secret;

 	/** List of connections */
 	struct list_head conn;