From 2ab798658f44a9e946fd3e68c7a79473193d689d Mon Sep 17 00:00:00 2001
From: Sam Friedman <sam@golioth.io>
Date: Wed, 4 Oct 2023 17:04:29 -0400
Subject: [PATCH] net: enable extended master secret

Extended Master Secret is a DTLS extension that ensures the
Master Secret is tied to the handshake parameters and is used to
prevent certain Man in the Middle attacks. Golioth reserves the right
to enforce the use of Extended Master Secret on the server side in
the future, so this option must be enabled to ensure continued
compatibility with Golioth.

Signed-off-by: Sam Friedman <sam@golioth.io>
---
 net/golioth/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/golioth/Kconfig b/net/golioth/Kconfig
index 2cd58457..de67885d 100644
--- a/net/golioth/Kconfig
+++ b/net/golioth/Kconfig
@@ -12,6 +12,7 @@ config GOLIOTH
 	select MBEDTLS_DTLS if MBEDTLS_BUILTIN
 	select MBEDTLS_TLS_LIBRARY if NRF_SECURITY
 	select MBEDTLS_SSL_PROTO_DTLS if NRF_SECURITY
+	select MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 	select NET_SOCKETS
 	select NET_UDP
 	imply DNS_RESOLVER if NET_NATIVE