Does LE support Extended Master Secret certificates?

While trying to get my SSL server NIST compliant, I stumbled upon section 3.4.1 - Mandatory TLS Extensions, and there is only one option I cannot find how to configure on my end: Extended Master Secret. This extension is documented in RFC 7627. Most modern browsers support this by default.

While checking on the Internet, it seems CAs do enable this; all my searches of certificates issued by LE returned “Extended master secret: no”, which matches my own experience.

I haven’t found anything on either Apache HTTP or OpenSSL documentation/mailing lists though.

Is this by design a disabled feature on the Let's Encrypt backend? Any way I can manually turn this on from a CSR?


It’s not a characteristic of the certificate. It’s a characteristic of how the TLS server is configured and applies to individual TLS sessions based on how they are negotiated.

Try connecting to this forum (with TLS 1.2), which uses a Let’s Encrypt certificate.

$ openssl s_client -connect community.letsencrypt.org:443 -tls1_2 2>&1 | grep -i "Extended master secret"
    Extended master secret: yes

Notably, it doesn’t seem to be supported/enabled by TLS 1.3 servers for TLS 1.3 sessions - that might be why you’re not seeing it. (By my reading, it seems to be superseded by the TLS 1.3 Transcript Hash, but it’s probably best for an actual expert to chime in on that matter).

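To show the same point in code rather than through openssl output, here is an added example (not from the original thread, and not Let's Encrypt or OpenSSL code): a minimal TLS 1.2 probe that sends a ClientHello offering the extended_master_secret extension (type 0x0017, RFC 7627) and reports whether the ServerHello echoes it. It offers only TLS 1.2, like the -tls1_2 flag in the openssl command above, because RFC 8446 dropped this extension from TLS 1.3, so a TLS 1.3 session can never show it. The certificate is never looked at, which is the point: EMS is negotiated per session. The cipher-suite list, the default hostname and the constructed ServerHello samples used for the offline self-check are assumptions for illustration.

```python
"""Probe whether a TLS 1.2 server negotiates Extended Master Secret (RFC 7627)."""
import os
import socket
import struct

EXT_SERVER_NAME = 0x0000
EXT_SUPPORTED_GROUPS = 0x000a
EXT_EC_POINT_FORMATS = 0x000b
EXT_SIGNATURE_ALGORITHMS = 0x000d
EXT_EXTENDED_MASTER_SECRET = 0x0017   # RFC 7627, empty extension body
RECORD_ALERT, RECORD_HANDSHAKE = 0x15, 0x16
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
TLS12 = b"\x03\x03"


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(hostname: str) -> bytes:
    """TLS 1.2 ClientHello record that offers extended_master_secret.
    No supported_versions extension is sent, so the server cannot pick TLS 1.3."""
    name = hostname.encode("idna")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    groups = struct.pack("!HHH", 4, 0x001d, 0x0017)            # x25519, secp256r1
    point_formats = b"\x01\x00"                                # uncompressed only
    sig_algs = struct.pack("!HHHH", 6, 0x0804, 0x0401, 0x0403)  # rsa_pss_rsae_sha256, rsa_pkcs1_sha256, ecdsa_secp256r1_sha256
    extensions = (_ext(EXT_SERVER_NAME, sni) + _ext(EXT_SUPPORTED_GROUPS, groups)
                  + _ext(EXT_EC_POINT_FORMATS, point_formats)
                  + _ext(EXT_SIGNATURE_ALGORITHMS, sig_algs)
                  + _ext(EXT_EXTENDED_MASTER_SECRET, b""))
    # Assumed cipher suites: ECDHE-RSA/ECDSA AES-GCM plus one RSA key-exchange suite.
    suites = struct.pack("!HHHHH", 0xc02f, 0xc030, 0xc02b, 0xc02c, 0x009c)
    body = (TLS12 + os.urandom(32) + b"\x00"                   # version, random, empty session_id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                      # compression: null only
            + struct.pack("!H", len(extensions)) + extensions)
    handshake = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS12 + struct.pack("!H", len(handshake)) + handshake


def server_hello_negotiates_ems(record: bytes) -> bool:
    """True iff the ServerHello in the first handshake record carries
    extended_master_secret. Raises ValueError on alerts or malformed input."""
    if len(record) < 5:
        raise ValueError("short record")
    rec_type, rec_len = record[0], struct.unpack("!H", record[3:5])[0]
    if rec_type == RECORD_ALERT:
        raise ValueError("server sent alert level=%d description=%d" % (record[5], record[6]))
    if rec_type != RECORD_HANDSHAKE:
        raise ValueError("unexpected record type 0x%02x" % rec_type)
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != HS_SERVER_HELLO:
        raise ValueError("first handshake message is not ServerHello")
    msg_len = int.from_bytes(hs[1:4], "big")
    msg = hs[4:4 + msg_len]
    if len(msg) < msg_len:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                      # server_version, random
    pos += 1 + msg[pos]               # session_id<0..32>
    pos += 2 + 1                      # cipher_suite, compression_method
    if pos >= len(msg):
        return False                  # no extensions block at all
    ext_total = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos, end = pos + 2, pos + 2 + ext_total
    while pos + 4 <= end:             # walk the extension list, skipping bodies
        ext_type, ext_len = struct.unpack("!HH", msg[pos:pos + 4])
        if ext_type == EXT_EXTENDED_MASTER_SECRET:
            return True
        pos += 4 + ext_len
    return False


def make_server_hello(extensions: bytes) -> bytes:
    """Constructed sample, not captured traffic: a minimal TLS 1.2 ServerHello
    record selecting 0xc02f with the given raw extensions block (offline checks)."""
    body = TLS12 + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([RECORD_HANDSHAKE]) + TLS12 + struct.pack("!H", len(hs)) + hs


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ValueError("connection closed mid-record")
        buf += chunk
    return buf


def probe(hostname: str, port: int = 443, timeout: float = 5.0) -> bool:
    """Open a TCP connection, send the ClientHello, read one record, parse it."""
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(hostname))
        header = _recv_exact(sock, 5)
        payload = _recv_exact(sock, struct.unpack("!H", header[3:5])[0])
    return server_hello_negotiates_ems(header + payload)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "community.letsencrypt.org"
    print("%s: Extended master secret: %s" % (host, "yes" if probe(host) else "no"))
```

Run it against your own Apache host (python3 ems_probe.py myhost.example) and against a second host that shows "yes" in the openssl output: if your host says "no" under TLS 1.2, the gap is in the server's TLS stack or its configuration, never in the certificate, and reissuing or changing the CSR will not change the result. A server that only allows TLS 1.3 will answer this probe with a protocol_version alert, which the parser reports as a ValueError rather than as "no".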
