diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs
index 4c2a0a545..6352a893f 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -384,10 +384,19 @@ namespace Org.BouncyCastle.Crypto.Tls
SendClientKeyExchangeMessage();
this.mConnectionState = CS_CLIENT_KEY_EXCHANGE;
+ if (TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
TlsHandshakeHash prepareFinishHash = mRecordStream.PrepareToFinish();
this.mSecurityParameters.sessionHash = GetCurrentPrfHash(Context, prepareFinishHash, null);
- EstablishMasterSecret(Context, mKeyExchange);
+ if (!TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
if (clientCreds != null && clientCreds is TlsSignerCredentials)
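Review bot: The two `TlsUtilities.IsSsl(Context)` branches around `PrepareToFinish()` make the key-derivation order depend on the protocol version, but nothing in the code says why, and the same unexplained pair is repeated in the TlsServerProtocol.cs hunk. Presumably the SSLv3 handshake hash is finalised with the master secret, so it must exist before `GetCurrentPrfHash`, while for TLS `sessionHash` has to be set before `EstablishMasterSecret` (extended master secret); please confirm and record it, e.g. `// SSLv3 mixes the master secret into the handshake hash, so derive it first; TLS needs sessionHash before deriving the master secret`. Evaluating the check once, `bool isSsl = TlsUtilities.IsSsl(Context);`, and branching on `isSsl` / `!isSsl` would make it obvious that exactly one of the two calls runs. The enclosing method starts and ends outside this hunk, so other callers of `EstablishMasterSecret` are not visible here.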
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index 38f2befea..fca685295 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -625,10 +625,19 @@ namespace Org.BouncyCastle.Crypto.Tls
AssertEmpty(buf);
+ if (TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
this.mPrepareFinishHash = mRecordStream.PrepareToFinish();
this.mSecurityParameters.sessionHash = GetCurrentPrfHash(Context, mPrepareFinishHash, null);
- EstablishMasterSecret(Context, mKeyExchange);
+ if (!TlsUtilities.IsSsl(Context))
+ {
+ EstablishMasterSecret(Context, mKeyExchange);
+ }
+
mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
if (!mExpectSessionTicket)
diff --git a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
index 77cebe0a6..5dd9cf0f5 100644
--- a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
+++ b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs
@@ -19,6 +19,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
IList testSuite = new ArrayList();
AddFallbackTests(testSuite);
+ AddVersionTests(testSuite, ProtocolVersion.SSLv3);
AddVersionTests(testSuite, ProtocolVersion.TLSv10);
AddVersionTests(testSuite, ProtocolVersion.TLSv11);
AddVersionTests(testSuite, ProtocolVersion.TLSv12);
@@ -194,10 +195,10 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests
private static TlsTestConfig CreateTlsTestConfig(ProtocolVersion version)
{
TlsTestConfig c = new TlsTestConfig();
- c.clientMinimumVersion = ProtocolVersion.TLSv10;
+ c.clientMinimumVersion = ProtocolVersion.SSLv3;
c.clientOfferVersion = ProtocolVersion.TLSv12;
c.serverMaximumVersion = version;
- c.serverMinimumVersion = ProtocolVersion.TLSv10;
+ c.serverMinimumVersion = ProtocolVersion.SSLv3;
return c;
}
}
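Review bot: Lowering `clientMinimumVersion` and `serverMinimumVersion` to `ProtocolVersion.SSLv3` in `CreateTlsTestConfig` applies to every version run, so the TLSv10/TLSv11/TLSv12 cases no longer run with a TLS-only floor. A regression that lets a TLS-configured peer accept SSLv3 would then not be caught by these configs. Consider lowering the floor only for the SSLv3 run, e.g. `ProtocolVersion min = (version == ProtocolVersion.SSLv3) ? ProtocolVersion.SSLv3 : ProtocolVersion.TLSv10;` assigned to both fields (assuming the `ProtocolVersion` constants are shared instances that compare by reference). A one-line comment that SSLv3 is deprecated (RFC 7568) and enabled here for interoperability coverage only would keep the config from being copied as a default.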