diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-03-23 00:26:41 +1030 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2017-03-23 00:26:41 +1030 |
| commit | 700364c5056bb3f7c39096733d9dc0b7f200e5f8 (patch) | |
| tree | da849877ea309b1b7576d404feba6aabf811f87d | |
| parent | Stop TcpListener in TlsServerTest (diff) | |
| download | BouncyCastle.NET-ed25519-700364c5056bb3f7c39096733d9dc0b7f200e5f8.tar.xz | |
SSLv3 must calculate the master secret earlier (from bc-java)
- include SSLv3 in test suite
| -rw-r--r-- | crypto/src/crypto/tls/TlsClientProtocol.cs | 11 | ||||
| -rw-r--r-- | crypto/src/crypto/tls/TlsServerProtocol.cs | 11 | ||||
| -rw-r--r-- | crypto/test/src/crypto/tls/test/TlsTestSuite.cs | 5 |
3 files changed, 23 insertions, 4 deletions
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs index 4c2a0a545..6352a893f 100644 --- a/crypto/src/crypto/tls/TlsClientProtocol.cs +++ b/crypto/src/crypto/tls/TlsClientProtocol.cs @@ -384,10 +384,19 @@ namespace Org.BouncyCastle.Crypto.Tls SendClientKeyExchangeMessage(); this.mConnectionState = CS_CLIENT_KEY_EXCHANGE; + if (TlsUtilities.IsSsl(Context)) + { + EstablishMasterSecret(Context, mKeyExchange); + } + TlsHandshakeHash prepareFinishHash = mRecordStream.PrepareToFinish(); this.mSecurityParameters.sessionHash = GetCurrentPrfHash(Context, prepareFinishHash, null); - EstablishMasterSecret(Context, mKeyExchange); + if (!TlsUtilities.IsSsl(Context)) + { + EstablishMasterSecret(Context, mKeyExchange); + } + mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher()); if (clientCreds != null && clientCreds is TlsSignerCredentials) diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs index 38f2befea..fca685295 100644 --- a/crypto/src/crypto/tls/TlsServerProtocol.cs +++ b/crypto/src/crypto/tls/TlsServerProtocol.cs @@ -625,10 +625,19 @@ namespace Org.BouncyCastle.Crypto.Tls AssertEmpty(buf); + if (TlsUtilities.IsSsl(Context)) + { + EstablishMasterSecret(Context, mKeyExchange); + } + this.mPrepareFinishHash = mRecordStream.PrepareToFinish(); this.mSecurityParameters.sessionHash = GetCurrentPrfHash(Context, mPrepareFinishHash, null); - EstablishMasterSecret(Context, mKeyExchange); + if (!TlsUtilities.IsSsl(Context)) + { + EstablishMasterSecret(Context, mKeyExchange); + } + mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher()); if (!mExpectSessionTicket) diff --git a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs index 77cebe0a6..5dd9cf0f5 100644 --- a/crypto/test/src/crypto/tls/test/TlsTestSuite.cs +++ b/crypto/test/src/crypto/tls/test/TlsTestSuite.cs @@ -19,6 +19,7 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests IList testSuite = new ArrayList(); AddFallbackTests(testSuite); + AddVersionTests(testSuite, ProtocolVersion.SSLv3); AddVersionTests(testSuite, ProtocolVersion.TLSv10); AddVersionTests(testSuite, ProtocolVersion.TLSv11); AddVersionTests(testSuite, ProtocolVersion.TLSv12); @@ -194,10 +195,10 @@ namespace Org.BouncyCastle.Crypto.Tls.Tests private static TlsTestConfig CreateTlsTestConfig(ProtocolVersion version) { TlsTestConfig c = new TlsTestConfig(); - c.clientMinimumVersion = ProtocolVersion.TLSv10; + c.clientMinimumVersion = ProtocolVersion.SSLv3; c.clientOfferVersion = ProtocolVersion.TLSv12; c.serverMaximumVersion = version; - c.serverMinimumVersion = ProtocolVersion.TLSv10; + c.serverMinimumVersion = ProtocolVersion.SSLv3; return c; } } |