summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-07-13 14:42:03 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-07-13 14:42:03 +0700
commit7a63d39947753476a5c819d09a21e800771bc155 (patch)
tree6303290fc8f2b5fac643371830fec57c490b2414
parentAdd DtlsRawKeysProtocolTest (diff)
downloadBouncyCastle.NET-ed25519-7a63d39947753476a5c819d09a21e800771bc155.tar.xz
(D)TLS: Clean up redundant resumption checks
-rw-r--r--crypto/src/tls/DtlsClientProtocol.cs6
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs18
2 files changed, 2 insertions, 22 deletions
diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index 5c5686bbb..88ebbb636 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -995,12 +995,6 @@ namespace Org.BouncyCastle.Tls
 
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != state.sessionParameters.CipherSuite
-                    || !server_version.Equals(state.sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = state.sessionParameters.ReadServerExtensions();
             }
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 30ad67fbe..6968e5e55 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1277,14 +1277,9 @@ namespace Org.BouncyCastle.Tls
 
             var sessionClientExtensions = m_clientExtensions;
             var sessionServerExtensions = serverHelloExtensions;
+
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != m_sessionParameters.CipherSuite
-                    || !server_version.Equals(m_sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = m_sessionParameters.ReadServerExtensions();
             }
@@ -1312,10 +1307,6 @@ namespace Org.BouncyCastle.Tls
                 securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(
                     sessionServerExtensions);
 
-                /*
-                 * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
-                 * a session resumption handshake.
-                 */
                 if (!securityParameters.IsResumedSession)
                 {
                     // TODO[tls13] See RFC 8446 4.4.2.1
@@ -1419,14 +1410,9 @@ namespace Org.BouncyCastle.Tls
 
             var sessionClientExtensions = m_clientExtensions;
             var sessionServerExtensions = m_serverExtensions;
+
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != m_sessionParameters.CipherSuite
-                    || !negotiatedVersion.Equals(m_sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = m_sessionParameters.ReadServerExtensions();
             }