Commit cf29b4194e for openssl.org

commit cf29b4194e7eb486fccabd56e3e4c84fd318516c
Author: Tomas Mraz <tomas@openssl.org>
Date:   Wed Jan 21 18:50:07 2026 +0100

    Correct alert when extended master secret support is dropped

    When resuming session with the extended master secret support
    dropped we should use SSL_AD_HANDSHAKE_FAILURE instead of
    SSL_AD_ILLEGAL_PARAMETER according to the RFC7627 section 5.

    Fixes #9791

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    MergeDate: Fri Jan 23 10:33:12 2026
    (Merged from https://github.com/openssl/openssl/pull/29706)

diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 47a0e52ea9..3873a96d21 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -678,7 +678,7 @@ int ssl_get_prev_session(SSL_CONNECTION *s, CLIENTHELLO_MSG *hello)
     if (ret->flags & SSL_SESS_FLAG_EXTMS) {
         /* If old session includes extms, but new does not: abort handshake */
         if (!(s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
-            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INCONSISTENT_EXTMS);
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_INCONSISTENT_EXTMS);
             fatal = 1;
             goto err;
         }