From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 21 Jan 2026 17:50:07 +0000 (+0100)
Subject: Correct alert when extended master secret support is dropped
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cf29b4194e7eb486fccabd56e3e4c84fd318516c;p=thirdparty%2Fopenssl.git

Correct alert when extended master secret support is dropped

When resuming session with the extended master secret support
dropped we should use SSL_AD_HANDSHAKE_FAILURE instead of
SSL_AD_ILLEGAL_PARAMETER according to the RFC7627 section 5.

Fixes #9791

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
MergeDate: Fri Jan 23 10:33:12 2026
(Merged from https://github.com/openssl/openssl/pull/29706)
---

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 47a0e52ea97..3873a96d218 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -678,7 +678,7 @@ int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
     if (ret->flags & SSL_SESS_FLAG_EXTMS) {
         /* If old session includes extms, but new does not: abort handshake */
         if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
-            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
             fatal = 1;
             goto err;
         }