Files
wolfssl/src
Juliusz Sosinowicz 748678715a F-5807: extend EMS resumption check to ticket resumption
Address review on PR #10582:

- The client-side extended_master_secret consistency check skipped all
  session-ticket resumptions, leaving a generic ticket resumption open to
  an undetected EMS downgrade by a malicious server or MITM. The client
  retains the EMS state for ticket sessions too (SetupSession), so the
  check now applies to ticket resumption as well, mirroring the adjacent
  cipher-suite check. Only EAP-FAST style resumption - where the
  session-secret callback supplies the master secret for an opaque PAC
  ticket - is exempt, matched precisely via ssl->sessionSecretCb just as
  the callback invocation in DoServerHello does.

- Add test_tls_ems_resumption_server_downgrade, exercising the
  client-direction downgrade (server resumes but omits EMS from its
  ServerHello) for both session-ID and session-ticket resumption. This
  client-side branch previously had no test coverage.
2026-06-10 20:50:51 +00:00
..
2026-05-28 16:19:44 +02:00
2026-05-28 16:19:44 +02:00
2026-05-14 16:59:48 +00:00
2026-04-17 15:10:56 -04:00
2026-05-26 14:54:30 +02:00
2026-06-04 18:29:24 +10:00
2026-05-26 14:54:30 +02:00
2026-05-26 14:54:30 +02:00
2026-02-25 15:19:13 +01:00
2026-05-14 16:59:12 +00:00