Correct alert when extended master secret support is dropped

When resuming session with the extended master secret support dropped we should use SSL_AD_HANDSHAKE_FAILURE instead of SSL_AD_ILLEGAL_PARAMETER according to the RFC7627 section 5. Fixes #9791 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> MergeDate: Fri Jan 23 10:33:12 2026 (Merged from https://github.com/openssl/openssl/pull/29706)
2026-01-25 02:56:43 +00:00 · 2026-01-21 18:50:07 +01:00
parent f5f8571119
commit cf29b4194e
1 changed files with 1 additions and 1 deletions
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -678,7 +678,7 @@ int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
        /* If old session includes extms, but new does not: abort handshake */
        if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
-            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
            fatal = 1;
            goto err;
        }