[/CoreOS/nss/Regression/bz2157950-EMS-in-FIPS] Either of the two: If RHEL-5313 is not fixed (aborts, but late): when TLS-REQUIRE-EMS is not in policy, a TLS 1.2 connection that doesn't negotiate EMS extension is aborted with the `handshake_failure` Alert when TLS-REQUIRE-EMS is not in policy: TLS 1.2 connections that both do and don't negotiate the EMS extension proceed as normal If RHEL-5313 is fixed (timely aborts): when TLS-REQUIRE-EMS is in policy, a TLS 1.2 connection that doesn't negotiate EMS extension is aborted early in the handshake with the `handshake_failure` Alert (immediately after receiving ServerHello for the client, and immediately after receiving ClientHello for the server) when TLS-REQUIRE-EMS is not in policy: TLS 1.2 connections that both do and don't negotiate the EMS extension proceed as normal  

.NSS now enforce EMS in FIPS mode The Network Security Services (NSS) libraries now contain the `TLS-REQUIRE-EMS` keyword to require the Extended Master Secret (EMS) extension (RFC 7627) for all TLS 1.2 connections as mandated by the FIPS 140-3 standard. NSS use the new keyword when the system-wide cryptographic policies are set to `FIPS`. If your scenario requires interoperating with legacy systems without support for EMS or TLS 1.3, you can apply the `NO-ENFORCE-EMS` system-wide cryptographic subpolicy. However, this change violates the FIPS-140-3 requirements.