ExtendedMasterSecret (iSaSiLk 6.1 API Documentation)

java.lang.Object
- iaik.security.ssl.Extension
- - iaik.security.ssl.ExtendedMasterSecret

All Implemented Interfaces:

java.lang.Cloneable
```
public class ExtendedMasterSecret
extends Extension
implements java.lang.Cloneable
```
This class implements the extended_master_secret TLS extension as specified by RFC 7627.
The extended_master_secret extension maybe exchanged between client and server to agree to calculate the master secret in a way that cryptographically binds it to important session parameters. If client and server negotiate this extension the master secret is calculated from a hash that is computed from the handshake messages up to the ClientKeyExchange message (inclusively). Binding the master secret computation to the session parameters will prevent from man-in-the-middle attacks where the attacker has synchronized two TLS sessions in a way that they share the same master secret.
Since the only purpose of the extended_master_secret extension is to be negotiate the use of the extended_master_secret calculation, the extended_master_secret is an empty extension and can be enabled on client and server side in the same way be simply creating and setting an empty ExtendedMasterSecret extension object:
```
 // create ExtendedMasterSecret
 ExtendedMasterSecret extendedMasterSecret = new ExtendedMasterSecret();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(extendedMasterSecret);
 ...
 // set extensions for the SSLClientContext configuration:
 SSLClientContext clientContext = new SSLClientContext();
 // extensions are only defined for TLS
 clientContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12); 
 ...
 clientContext.setExtensions(extensions);
 ...
 
```
Or at the server side:
```
 // create ExtendedMasterSecret
 ExtendedMasterSecret extendedMasterSecret = new ExtendedMasterSecret();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(extendedMasterSecret);
 ...
 // set extensions for the SSLServerContext configuration:
 SSLServerContext serverContext = new SSLServerContext();
 // extensions are only defined for TLS
 serverContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12); 
 ...
 serverContext.setExtensions(extensions);
 ...
 
```
If you set the critical flag of a client-side extended_master_secret extension to true (client-side default), the handshake will be aborted if the server does not respond with a extended_master_secret extension. The client also will not try to resume any session that does not use the extended master secret calculation.
If you set the critical flag of a server-side extended_master_secret extension to true, the handshake will be aborted if the client does not send a extended_master_secret extension within the extended ClientHello message.
Version:

File Revision 34

See Also:

Extension, ExtensionList

Field Summary

Fields
Modifier and Type Field and Description

static ExtensionType TYPE
The type (23) of the extended_master_secret extension.

Fields
Modifier and Type	Field and Description
`static ExtensionType`	`TYPE` The type (23) of the extended_master_secret extension.

Constructor Summary

Constructors
Constructor and Description

ExtendedMasterSecret()
Creates a new ExtendedMasterSecret extension object.

Constructors
Constructor and Description
`ExtendedMasterSecret()` Creates a new ExtendedMasterSecret extension object.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`java.lang.Object`	`clone()` Returns a clone of this ExtendedMasterSecret extension object.
`java.lang.String`	`toString()` Gets a String representation of this ExtendedMasterSecret extension.

Methods inherited from class iaik.security.ssl.Extension
getAllowedProtocolVersions, getExtensionType, getName, getType, setCritical

Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Field Detail
  - TYPE
```
public static final ExtensionType TYPE
```
    The type (23) of the extended_master_secret extension.
- Constructor Detail
  - ExtendedMasterSecret
```
public ExtendedMasterSecret()
```
    Creates a new ExtendedMasterSecret extension object.
    This constructor may be used on the client or server side to enable extended_master_secret extension support for the SSL/SSLServerContext configuration:
```
 // create ExtendedMasterSecret
 ExtendedMasterSecret extendedMasterSecret = new ExtendedMasterSecret();
 // add to ExtensionList
 ExtensionList extensions = new ExtensionList();
 ...
 extensions.addExtension(extendedMasterSecret);
 ...
 // set extensions for the SSLClient/ServerContext configuration:
 SSLContext context = ...;
 ...
 clientContext.setExtensions(extensions);
 ...
 
```
- Method Detail
  - clone
```
public java.lang.Object clone()
```
    Returns a clone of this ExtendedMasterSecret extension object.
    
    Overrides:
    
    clone in class Extension
    
    Returns:
    
    a clone of this
  - toString
```
public java.lang.String toString()
```
    Gets a String representation of this ExtendedMasterSecret extension.
    
    Specified by:
    
    toString in class Extension
    
    Returns:
    
    a String representation of this ExtendedMasterSecret extension

Class ExtendedMasterSecret

Field Summary

Constructor Summary

Method Summary

Methods inherited from class iaik.security.ssl.Extension

Methods inherited from class java.lang.Object

Field Detail

TYPE

Constructor Detail

ExtendedMasterSecret

Method Detail

clone

toString