Requiring Extended Master Secret for TLS 1.2.

haskell-tls · Dec 26, 2023 · 4cabdf3 · 4cabdf3
1 parent 1428994
commit 4cabdf3
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 10 deletions.
diff --git a/core/Network/TLS/Context.hs b/core/Network/TLS/Context.hs
@@ -249,9 +249,10 @@ getPeerFinished ctx = do
         then return Nothing
         else return $ Just verifyData
 
---   Getting the "tls-unique" channel binding for TLS 1.2.
---   But it is susceptible to the "triple handshake vulnerability".
---   So, it is highly recommended to upgrade to TLS 1.3
+-- | Getting the "tls-unique" channel binding for TLS 1.2.
+--   For TLS 1.3, 'Nothing' is returned.
+--   'supportedExtendedMasterSec' must be 'RequireEMS'
+--   But in general, it is highly recommended to upgrade to TLS 1.3
 --   and use the "tls-exporter" channel binding via 'getTLSExporter'.
 getTLSUnique :: Context -> IO (Maybe ByteString)
 getTLSUnique ctx = do
@@ -269,6 +270,7 @@ getTLSUnique ctx = do
         else return Nothing
 
 -- | Getting the "tls-exporter" channel binding for TLS 1.3.
+--   For TLS 1.2, 'Nothing' is returned.
 getTLSExporter :: Context -> IO (Maybe ByteString)
 getTLSExporter ctx = do
     ver <- liftIO $ usingState_ ctx getVersion

diff --git a/core/Network/TLS/Parameters.hs b/core/Network/TLS/Parameters.hs
@@ -279,15 +279,14 @@ data Supported = Supported
     --   Default: 'False'
     , supportedExtendedMasterSec :: EMSMode
     -- ^ The mode regarding extended master secret.  Enabling this extension
-    -- provides better security for TLS versions 1.0 to 1.2.  TLS 1.3 provides
+    -- provides better security for TLS versions 1.2.  TLS 1.3 provides
     -- the security properties natively and does not need the extension.
     --
-    -- By default the extension is enabled but not required.  If mode is set
-    -- to 'RequireEMS', the handshake will fail when the peer does not support
-    -- the extension.  It is also advised to disable SSLv3 which does not have
-    -- this mechanism.
+    -- By default the extension is 'RequireEMS'.
+    -- So, the handshake will fail when the peer does not support
+    -- the extension.
     --
-    -- Default: 'AllowEMS'
+    -- Default: 'RequireEMS'
     , supportedSession :: Bool
     -- ^ Set if we support session.
     --
@@ -343,7 +342,7 @@ defaultSupported =
         , supportedHashSignatures = Struct.supportedSignatureSchemes
         , supportedSecureRenegotiation = True
         , supportedClientInitiatedRenegotiation = False
-        , supportedExtendedMasterSec = AllowEMS
+        , supportedExtendedMasterSec = RequireEMS
         , supportedSession = True
         , supportedFallbackScsv = True
         , supportedEmptyPacket = True