iaik.security.ssl
Class ExtendedMasterSecret

java.lang.Object
  extended by iaik.security.ssl.Extension
      extended by iaik.security.ssl.ExtendedMasterSecret
All Implemented Interfaces:
java.lang.Cloneable

public class ExtendedMasterSecret
extends Extension
implements java.lang.Cloneable

This class implements the extended_master_secret TLS extension as specified by RFC 7627.

The extended_master_secret extension maybe exchanged between client and server to agree to calculate the master secret in a way that cryptographically binds it to important session parameters. If client and server negotiate this extension the master secret is calculated from a hash that is computed from the handshake messages up to the ClientKeyExchange message (inclusively). Binding the master secret computation to the session parameters will prevent from man-in-the-middle attacks where the attacker has synchronized two TLS sessions in a way that they share the same master secret.

Since the only purpose of the extended_master_secret extension is to be negotiate the use of the extended_master_secret calculation, the extended_master_secret is an empty extension and can be enabled on client and server side in the same way be simply creating and setting an empty ExtendedMasterSecret extension object:

 // create ExtendedMasterSecret
 ExtendedMasterSecret extendedMasterSecret = new ExtendedMasterSecret();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(extendedMasterSecret);
 ...
 // set extensions for the SSLClientContext configuration:
 SSLClientContext clientContext = new SSLClientContext();
 // extensions are only defined for TLS
 clientContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12); 
 ...
 clientContext.setExtensions(extensions);
 ...
 
Or at the server side:
 // create ExtendedMasterSecret
 ExtendedMasterSecret extendedMasterSecret = new ExtendedMasterSecret();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(extendedMasterSecret);
 ...
 // set extensions for the SSLServerContext configuration:
 SSLServerContext serverContext = new SSLServerContext();
 // extensions are only defined for TLS
 serverContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12); 
 ...
 serverContext.setExtensions(extensions);
 ...
 
If you set the critical flag of a client-side extended_master_secret extension to true (client-side default), the handshake will be aborted if the server does not respond with a extended_master_secret extension. The client also will not try to resume any session that does not use the extended master secret calculation.

If you set the critical flag of a server-side extended_master_secret extension to true, the handshake will be aborted if the client does not send a extended_master_secret extension within the extended ClientHello message.

Version:
File Revision 3
See Also:
Extension, ExtensionList

Field Summary
static ExtensionType TYPE
          The type (23) of the extended_master_secret extension.
 
Constructor Summary
ExtendedMasterSecret()
          Creates a new ExtendedMasterSecret extension object.
 
Method Summary
 java.lang.Object clone()
          Returns a clone of this ExtendedMasterSecret extension object.
 java.lang.String toString()
          Gets a String representation of this ExtendedMasterSecret extension.
 
Methods inherited from class iaik.security.ssl.Extension
getExtensionType, getName, getType, setCritical
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

TYPE

public static final ExtensionType TYPE
The type (23) of the extended_master_secret extension.

Constructor Detail

ExtendedMasterSecret

public ExtendedMasterSecret()
Creates a new ExtendedMasterSecret extension object.
This constructor may be used on the client or server side to enable extended_master_secret extension support for the SSL/SSLServerContext configuration:

 // create ExtendedMasterSecret
 ExtendedMasterSecret extendedMasterSecret = new ExtendedMasterSecret();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(extendedMasterSecret);
 ...
 // set extensions for the SSLClient/ServerContext configuration:
 SSLContext context = ...;
 ...
 clientContext.setExtensions(extensions);
 ...
 

Method Detail

clone

public java.lang.Object clone()
Returns a clone of this ExtendedMasterSecret extension object.

Overrides:
clone in class Extension
Returns:
a clone of this

toString

public java.lang.String toString()
Gets a String representation of this ExtendedMasterSecret extension.

Specified by:
toString in class Extension
Returns:
a String representation of this ExtendedMasterSecret extension

This Javadoc may contain text parts from text parts from IETF Internet Standard specifications (see copyright note).

iSaSiLk 5.104, (c) 2002 IAIK, (c) 2003 - 2015 SIC