Hi, today I read [1] that Microsoft finally added support for TLS Extended Master Secret Extension to their SSL implementation (SChannel). The author was so kind to provide a test script [2] to check if your own servers support TLS Extended Master Secret extension yet. Looks like my servers don't support TLS Extended Master Secret extension yet. This lead me to the question when OpenSSL will add support for this extensions or if it is my fault. I am using nginx/1.9.6 build against OpenSSL 1.0.2d 9 Jul 2015 from source. Looks like there was already a contribution [3] which was already reviewed in some ways [4]. Any status update would be nice. [1] http://www.tripwire.com/state-of-security/security-data-protection/security-hardening/tls-extended-master-secret-extension-fixing-a-hole-in-tls/ [2] https://github.com/Tripwire-VERT/TLS_Extended_Master_Checker [3] https://github.com/alfredopironti/openssl/commit/5339db9ec81727456f7edb86aab186e7deefe819 [4] http://openssl.6102.n7.nabble.com/PATCH-Fix-for-Triple-Handshake-attacks-via-extended-master-secret-td50058.html Regards, Igor
