Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check if Extended Master Secret is supported in TLSv1.2 #1541

Open
JakubOnderka opened this issue Nov 8, 2024 · 3 comments
Open

Check if Extended Master Secret is supported in TLSv1.2 #1541

JakubOnderka opened this issue Nov 8, 2024 · 3 comments

Comments

@JakubOnderka
Copy link

Extended Master Secret (EMS, RFC 7627) is extension for TLSv1.2 that prevents Triple Handshakes man-in-the-middle attacks.

After May 16, 2023, using EMS is mandatory by FIPS 140-3 IG, so FIPS enabled clients will reject connecting to TLSv1.2 servers that do not support EMS.

EMS support is also required by Recommendations for Secure Use of Transport Layer Security (RFC 9325).

It would be nice if Internet.nl checks if EMS is supported in HTTPS and also e-mail check.
@JakubOnderka
Copy link
Author

Related openssl method SSL_get_extms_support

@baknu
Copy link
Contributor

baknu commented Nov 8, 2024

See also: https://list.sys4.de/hyperkitty/list/dane-users@list.sys4.de/thread/V53W2ZBZOL3JDBLPL5H3IK3LISLRR3J2/

@JakubOnderka
Copy link
Author

JakubOnderka commented Nov 8, 2024
edited
Loading

Pull request to nassl library with new get_ems_support method – nabla-c0d3/nassl#120

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JakubOnderka @baknu