summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2023-06-28 16:29:22 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-06-28 16:29:22 +0700
commit1cc412daaa874b80b79599bd71c53fc315bb9ac7 (patch)
tree034e63fba5ad4bd5fce16264e10fe9668d13c5db
parentFix renegotiation after resumption handshakes (diff)
downloadBouncyCastle.NET-ed25519-1cc412daaa874b80b79599bd71c53fc315bb9ac7.tar.xz
Add TlsClient.ShouldUseCompatibilityMode
-rw-r--r--crypto/src/tls/AbstractTlsClient.cs5
-rw-r--r--crypto/src/tls/TlsClient.cs3
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs2
-rw-r--r--crypto/src/tls/TlsUtilities.cs9
4 files changed, 18 insertions, 1 deletions
diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs
index af53e9fbf..77f30bb40 100644
--- a/crypto/src/tls/AbstractTlsClient.cs
+++ b/crypto/src/tls/AbstractTlsClient.cs
@@ -421,6 +421,11 @@ namespace Org.BouncyCastle.Tls
             return TlsUtilities.VectorOfOne(m_supportedGroups[0]);
         }
 
+        public virtual bool ShouldUseCompatibilityMode()
+        {
+            return true;
+        }
+
         /// <exception cref="IOException"/>
         public virtual void NotifyServerVersion(ProtocolVersion serverVersion)
         {
diff --git a/crypto/src/tls/TlsClient.cs b/crypto/src/tls/TlsClient.cs
index d93799aaf..8615bb3fb 100644
--- a/crypto/src/tls/TlsClient.cs
+++ b/crypto/src/tls/TlsClient.cs
@@ -41,6 +41,9 @@ namespace Org.BouncyCastle.Tls
         /// </returns>
         IList<int> GetEarlyKeyShareGroups();
 
+        // TODO[api]
+        //bool ShouldUseCompatibilityMode();
+
         /// <exception cref="IOException"/>
         void NotifyServerVersion(ProtocolVersion selectedVersion);
 
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 8e31fa6c8..99d088622 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1694,7 +1694,7 @@ namespace Org.BouncyCastle.Tls
                  * RFC 8446 4.2.1. In compatibility mode [..], this field MUST be non-empty, so a client
                  * not offering a pre-TLS 1.3 session MUST generate a new 32-byte value.
                  */
-                if (legacy_session_id.Length < 1)
+                if (legacy_session_id.Length < 1 && TlsUtilities.ShouldUseCompatibilityMode(m_tlsClient))
                 {
                     legacy_session_id = m_tlsClientContext.NonceGenerator.GenerateNonce(32);
                 }
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index 92102e826..7337e9f52 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -5739,5 +5739,14 @@ namespace Org.BouncyCastle.Tls
                 abstractTlsPeer.NotifyConnectionClosed();
             }
         }
+
+        // TODO[api] Not needed once ShouldUseCompatibilityMode() has been added to TlsClient
+        internal static bool ShouldUseCompatibilityMode(TlsClient tlsClient)
+        {
+            if (tlsClient is AbstractTlsClient abstractTlsClient)
+                return abstractTlsClient.ShouldUseCompatibilityMode();
+
+            return true;
+        }
     }
 }