CONFIG_MBEDTLS_SSL_EXTENDED_MASTER_SECRET

(No prompt – not directly user assignable.)

Type: bool

Help

This setting enables support for RFC: 7627: Session Has and Extended Master
Secret Extension.This was introduced as the "proper fix" tot the Triple
Handshake attacks, but is recommended to always be used.
Corresponds to MBEDTLS_SSL_EXTENDED_MASTER_SECRET in mbed TLS config file.

Direct dependencies

MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_TLS_LIBRARY && NRF_SECURITY

(Includes any dependencies from ifs and menus.)

Default

• y

Kconfig definition

At <nrfxlib>/nrf_security/Kconfig.tls:118

Included via <Zephyr>/Kconfig:8 → <Zephyr>/Kconfig.zephyr:33 → <Zephyr>/modules/Kconfig:6 → <nRF>/doc/_build/kconfig/Kconfig.modules:92 → <nrfxlib>/Kconfig.nrfxlib:13 → <nrfxlib>/nrf_security/Kconfig:105

Menu path: (Top) → Modules → nrfxlib (/home/runner/work/sdk-nrf/sdk-nrf/ncs/nrfxlib) → Nordic nrfxlib → nrf_security module → Create mbed TLS transport layer security library → Enable TLS version 1.2 protocol

config MBEDTLS_SSL_EXTENDED_MASTER_SECRET
    bool
    default y
    depends on MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_TLS_LIBRARY && NRF_SECURITY
    help
      This setting enables support for RFC: 7627: Session Has and Extended Master
      Secret Extension.This was introduced as the "proper fix" tot the Triple
      Handshake attacks, but is recommended to always be used.
      Corresponds to MBEDTLS_SSL_EXTENDED_MASTER_SECRET in mbed TLS config file.

(The ‘depends on’ condition includes propagated dependencies from ifs and menus.)