X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=ssl%2Ft1_enc.c;h=37cd25d8dd663d1097239f987157638048f1279e;hp=8d1e350a6110656dde7f46253ff88a2a2bf3e718;hb=395cc5cdbef001c9886719bd31dbe48bad839b5c;hpb=2b7363ecf168f94e5d982cd49182aa923b92d3e4

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 8d1e350a61..37cd25d8dd 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -474,7 +474,13 @@ size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                                 size_t len, size_t *secret_size)
 {
-    if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+    /*
+     * TODO(TLS1.3): We haven't implemented TLS1.3 key derivation yet. For now
+     * we will just force no use of EMS (which adds complications around the
+     * handshake hash). This will need to be removed later
+     */
+    if ((s->session->flags & SSL_SESS_FLAG_EXTMS)
+            && SSL_IS_TLS13(s)) {
         unsigned char hash[EVP_MAX_MD_SIZE * 2];
         size_t hashlen;
         /*