[1] RFC 6066 - Transport Layer Security (TLS) Extensions: Extension Definitions (2015-02-01 18:07:52 +09:00 版) http://tools.ietf.org/html/rfc6066#section-7

[2] RFC 7525 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) (2015-05-29 03:22:56 +09:00 版) https://tools.ietf.org/html/rfc7525#section-4.5

Implementations MUST NOT use the Truncated HMAC extension, defined in
Section 7 of [RFC6066].
Rationale: the extension does not apply to the AEAD cipher suites
recommended above. However it does apply to most other TLS cipher
suites. Its use has been shown to be insecure in [PatersonRS11].