Address missing extended_master secret extension properly

drwetter · drwetter · commit cff949bb90ac · 2026-04-20T16:31:44.000+02:00
This PR "fixes feature" #2809 which was formerly not properly implemented in #2982, see comment #2806 (comment). Now TLS 1.3.-only servers won't get penalized when the master secret extension is missing.
diff --git a/testssl.sh b/testssl.sh
@@ -10693,8 +10693,9 @@ run_server_defaults() {
           outln "(none)"
           fileout "TLS_extensions" "INFO" "(none)"
      else
-#FIXME: we rather want to have the chance to print each ext in italics or another format.
-# Atm is a string of quoted strings -- that needs to be fixed at the root then
+          #FIXME: we rather want to print each ext in italics or another format.
+          # Atm it's a string of quoted strings -- that needs to be fixed at the
+          # the root then.
           # out_row_aligned_max_width() places line breaks at space characters.
           # So, in order to prevent the text for an extension from being broken
           # across lines, temporarily replace space characters within the text
@@ -10707,32 +10708,36 @@ run_server_defaults() {
           tls_extensions="${tls_extensions:1}"
           fileout "TLS_extensions" "INFO" "$tls_extensions"
           tls_extensions="${tls_extensions// /{}"
-          tls_extensions="${tls_extensions//\"{\"/\" \"}"
-          tls_extensions="$(out_row_aligned_max_width "$tls_extensions" "                              " $TERM_WIDTH)"
-          tls_extensions="${tls_extensions//{/ }"
+          tls_extensions="${tls_extensions//'{\"'/'" "'}"
+          #tls_extensions="${tls_extensions//\"{\"/\" \"}"   #  blank command for deconfusing vim's syntax hiliting
+          tls_extensions="$(out_row_aligned_max_width "$tls_extensions" '                              ' $TERM_WIDTH)"
+          tls_extensions="${tls_extensions//\{/ }"
           outln "$tls_extensions"
      fi
 
-     # We want to check whether the (for >=TLS 1.2) mandatory "extended master secret" extension is supported by
-     # the server. Otherwise it would violate RFC 9325 https://www.rfc-editor.org/rfc/rfc9325#section-3.5
-     # and cause connection problems.
+     # We want to check whether the (for <=TLS 1.2) mandatory "extended master secret" extension is supported by
+     # the server. Otherwise it would violate RFC 9325 https://www.rfc-editor.org/rfc/rfc9325#section-3.5. Also:
+     # "If a server implementing this document receives the "extended_master_secret" extension, it MUST
+     # include the extension in its ServerHello message". (https://www.rfc-editor.org/rfc/rfc7627.html#section-5.2).
+
      jsonID="TLS_misses_extension_23"
-     if [[ $(has_server_protocol "tls1_2") -eq 1 ]] && [[ $(has_server_protocol "tls1_3") -eq 1 ]] ; then
-          :
-     elif [[ $tls_extensions =~ \#23 ]]; then
-          # Was the last handshake >= TLS 1.2 ?
-          if grep -qE 'Protocol.*(TLSv1.3|TLSv1.2)' $TEMPDIR/$NODEIP.parse_tls_serverhello.txt ; then
-               fileout "$jsonID" "INFO" "Extended master secret extension detected"
-               debugme outln "${spaces}Extended master secret extension detected"
+     if [[ $tls_extensions =~ \#23 ]]; then
+          if "$TLS13_ONLY"; then
+               # this shouldn't happen
+               fileout "$jsonID" "LOW" "Misconfiguration: Extended master secret extension detected for TLS 1.3 only"
+               debugme outln "${spaces}Misconfiguration: Extended master secret extension detected for TLS 1.3 only"
           else
-               out "$spaces"
-               prln_warning "Fixme: Server supports TLS 1.2 or 1.3 but last ServerHello was < TLS 1.2"
-               fileout "$jsonID" "WARN" "Server supports TLS 1.2 or 1.3 but last ServerHello was < TLS 1.2"
+               if grep -qE 'Protocol.*(TLSv1.)' $TEMPDIR/$NODEIP.parse_tls_serverhello.txt ; then
+                    fileout "$jsonID" "INFO" "Extended master secret extension detected"
+                    debugme outln "${spaces}Extended master secret extension detected"
+               fi
+               # We don't worry about SSL3.0 here. It should have been tested before withg testssl.sh --
+               #  though it's mentioned in https://www.rfc-editor.org/rfc/rfc7627.html#section-6.4
           fi
-     else
+     elif ! "$TLS13_ONLY"; then
           out "$spaces"
-          prln_svrty_medium "No extended master secret extension, violates RFC 9325 & may cause connection problems"
-          fileout "$jsonID" "MEDIUM" "No extended master secret extension, violates RFC 9325 & may cause connection problems"
+          prln_svrty_medium "No extended master secret extension, violates RFC 7627/9325 & may cause connection problems"
+          fileout "$jsonID" "MEDIUM" "No extended master secret extension, violates RFC 7627/9325 & may cause connection problems"
      fi
 
      pr_bold " Session Ticket RFC 5077 hint "
