Do not allow dropping Extended Master Secret extension on renegotiaton

Abort renegotiation if server receives client hello with Extended Master Secret extension dropped in comparison to the initial session. Fixes #9754 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12045)
author: Tomas Mraz <tmraz@fedoraproject.org> 2020-06-04 11:40:29 +0200
committer: Tomas Mraz <tmraz@fedoraproject.org> 2020-06-09 14:11:19 +0200
commit: 11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 (patch)
tree: 30a7c0f99180ec1712fc5d59e698646448389082 /CHANGES.md
parent: 7646610b6a2c53ae50ed453c88291c23630e7850 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index ca60b9c2e4..24fb86fddb 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,11 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Handshake now fails if Extended Master Secret extension is dropped
+   on renegotiation.
+
+   *Tomas Mraz*
+
  * Dropped interactive mode from the 'openssl' program.  From now on,
    the `openssl` command without arguments is equivalent to `openssl
    help`.
author	Tomas Mraz <tmraz@fedoraproject.org>	2020-06-04 11:40:29 +0200
committer	Tomas Mraz <tmraz@fedoraproject.org>	2020-06-09 14:11:19 +0200
commit	11d3235e2b5a1dc9f48c040b1f1b6bea86ffc745 (patch)
tree	30a7c0f99180ec1712fc5d59e698646448389082 /CHANGES.md
parent	7646610b6a2c53ae50ed453c88291c23630e7850 (diff)