From 4bba282a70ce396860b6db591bedd5e36f732b18 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Thu, 17 Jun 2021 11:34:55 +1000
Subject: [PATCH] TLS EMS ext: TLS13 - send in second CH if in first
---
 src/tls.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/tls.c b/src/tls.c
index 15c762b9e..0986fa24d 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -11625,7 +11625,12 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
 }
 #ifdef HAVE_EXTENDED_MASTER
- if (!isRequest && ssl->options.haveEMS && !pendingEMS)
+ if (IsAtLeastTLSv1_3(ssl->version) && msgType == hello_retry_request) {
+ /* Don't change EMS status until server_hello received.
+ * Second ClientHello must have same extensions.
+ */
+ }
+ else if (!isRequest && ssl->options.haveEMS && !pendingEMS)
 ssl->options.haveEMS = 0;
 #endif
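Review bot: The new empty-bodied `if` in the `HAVE_EXTENDED_MASTER` block preserves `haveEMS` across a HelloRetryRequest only by falling through a comment, so the condition under which the flag is cleared is now split over two branches. Folding it into one guard keeps the clear explicit: `if (!isRequest && ssl->options.haveEMS && !pendingEMS && !(IsAtLeastTLSv1_3(ssl->version) && msgType == hello_retry_request))`. The comment would be stronger if it named the rule it enforces, e.g. `/* RFC 8446 4.1.2: second ClientHello repeats the first's extensions, so keep EMS state until server_hello. */`. Whether `ssl->version` already reports TLS 1.3 when the HelloRetryRequest extensions are parsed is not visible in this hunk and is worth confirming, because the guard silently does nothing otherwise; TLSX_Parse begins and ends outside the hunk.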