| diff --git a/third_party/tlslite/tlslite/handshakesettings.py b/third_party/tlslite/tlslite/handshakesettings.py |
| index 8f25f62..d7be5b3 100644 |
| --- a/third_party/tlslite/tlslite/handshakesettings.py |
| +++ b/third_party/tlslite/tlslite/handshakesettings.py |
| @@ -112,6 +112,9 @@ class HandshakeSettings(object): |
| @ivar alertAfterHandshake: If true, the server will send a fatal |
| alert immediately after the handshake completes. |
| |
| + @type enableChannelID: bool |
| + @ivar enableChannelID: If true, the server supports channel ID. |
| + |
| @type enableExtendedMasterSecret: bool |
| @ivar enableExtendedMasterSecret: If true, the server supports the extended |
| master secret TLS extension and will negotiated it with supporting clients. |
| @@ -140,6 +143,7 @@ class HandshakeSettings(object): |
| self.tlsIntoleranceType = 'alert' |
| self.useExperimentalTackExtension = False |
| self.alertAfterHandshake = False |
| + self.enableChannelID = True |
| self.enableExtendedMasterSecret = True |
| self.supportedTokenBindingParams = [] |
| |
| @@ -159,6 +163,7 @@ class HandshakeSettings(object): |
| other.tlsIntolerant = self.tlsIntolerant |
| other.tlsIntoleranceType = self.tlsIntoleranceType |
| other.alertAfterHandshake = self.alertAfterHandshake |
| + other.enableChannelID = self.enableChannelID |
| other.enableExtendedMasterSecret = self.enableExtendedMasterSecret |
| other.supportedTokenBindingParams = self.supportedTokenBindingParams |
| |
| diff --git a/third_party/tlslite/tlslite/tlsconnection.py b/third_party/tlslite/tlslite/tlsconnection.py |
| index 06404fe..7363a30 100644 |
| --- a/third_party/tlslite/tlslite/tlsconnection.py |
| +++ b/third_party/tlslite/tlslite/tlsconnection.py |
| @@ -1326,7 +1326,8 @@ class TLSConnection(TLSRecordLayer): |
| serverHello.create(self.version, getRandomBytes(32), sessionID, \ |
| cipherSuite, CertificateType.x509, tackExt, |
| nextProtos) |
| - serverHello.channel_id = clientHello.channel_id |
| + serverHello.channel_id = \ |
| + clientHello.channel_id and settings.enableChannelID |
| serverHello.extended_master_secret = \ |
| clientHello.extended_master_secret and \ |
| settings.enableExtendedMasterSecret |
| @@ -1391,7 +1392,7 @@ class TLSConnection(TLSRecordLayer): |
| for result in self._serverFinished(premasterSecret, |
| clientHello.random, serverHello.random, |
| cipherSuite, settings.cipherImplementations, |
| - nextProtos, clientHello.channel_id, |
| + nextProtos, serverHello.channel_id, |
| serverHello.extended_master_secret): |
| if result in (0,1): yield result |
| else: break |