[tls] Disable renegotiation unless extended master secret is used

mcb30 · mcb30 · commit e80818e4f6e3 · 2025-10-12T23:25:09.000+01:00
RFC 7627 states that renegotiation becomes no longer secure under
various circumstances when the non-extended master secret is used.
The description of the precise set of circumstances is spread across
various points within the document and is not entirely clear.

Avoid a superset of the circumstances in which renegotiation
apparently becomes insecure by refusing renegotiation completely
unless the extended master secret is used.

Signed-off-by: Michael Brown &lt;mcb30@ipxe.org&gt;
diff --git a/src/net/tls.c b/src/net/tls.c
@@ -2082,7 +2082,7 @@ static int tls_new_hello_request ( struct tls_connection *tls,
 	}
 
 	/* Fail unless server supports secure renegotiation */
-	if ( ! tls->secure_renegotiation ) {
+	if ( ! ( tls->secure_renegotiation && tls->extended_master_secret ) ) {
 		DBGC ( tls, "TLS %p refusing to renegotiate insecurely\n",
 		       tls );
 		return -EPERM_RENEG_INSECURE;

Original file line number	Diff line number	Diff line change
`@@ -2082,7 +2082,7 @@ static int tls_new_hello_request ( struct tls_connection *tls,`
`2082`	`2082`	`}`
`2083`	`2083`
`2084`	`2084`	`/* Fail unless server supports secure renegotiation */`
`2085`		`- if ( ! tls->secure_renegotiation ) {`
	`2085`	`+ if ( ! ( tls->secure_renegotiation && tls->extended_master_secret ) ) {`
`2086`	`2086`	`DBGC ( tls, "TLS %p refusing to renegotiate insecurely\n",`
`2087`	`2087`	`tls );`
`2088`	`2088`	`return -EPERM_RENEG_INSECURE;`