Implement extended master secret in tlslite

third_party/tlslite/tlslite/handshakesettings.py

Index: third_party/tlslite/tlslite/handshakesettings.py
diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py
index 605ed420619da79da1d03ef57f0bf8373a360dfc..76798239e72dd1de9c98d835c8785eb965fd764f 100644
--- a/third_party/tlslite/tlslite/handshakesettings.py
+++ b/third_party/tlslite/tlslite/handshakesettings.py
@@ -111,6 +111,10 @@ class HandshakeSettings(object):
     @type alertAfterHandshake: bool
     @ivar alertAfterHandshake: If true, the server will send a fatal
     alert immediately after the handshake completes.
+
+    @type enableExtendedMasterSecret: bool
+    @ivar enableExtendedMasterSecret: If true, the server supports the extended
+    master secret TLS extension and will negotiated it with supporting clients.
     
     Note that TACK support is not standardized by IETF and uses a temporary
     TLS Extension number, so should NOT be used in production software.
@@ -129,6 +133,7 @@ class HandshakeSettings(object):
         self.tlsIntoleranceType = 'alert'
         self.useExperimentalTackExtension = False
         self.alertAfterHandshake = False
+        self.enableExtendedMasterSecret = True

[davidben, 2015/08/18 21:02:14]

[Note that this will change the behavior of the test server. I think this is
fine and correct, but pointing it out to make sure we're on the same page.]

 
     # Validates the min/max fields, and certificateTypes
     # Filters out unsupported cipherNames and cipherImplementations