diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-06-28 16:29:22 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-06-28 16:29:22 +0700 |
| commit | 1cc412daaa874b80b79599bd71c53fc315bb9ac7 (patch) | |
| tree | 034e63fba5ad4bd5fce16264e10fe9668d13c5db | |
| parent | Fix renegotiation after resumption handshakes (diff) | |
| download | BouncyCastle.NET-ed25519-1cc412daaa874b80b79599bd71c53fc315bb9ac7.tar.xz | |
Add TlsClient.ShouldUseCompatibilityMode
| -rw-r--r-- | crypto/src/tls/AbstractTlsClient.cs | 5 | ||||
| -rw-r--r-- | crypto/src/tls/TlsClient.cs | 3 | ||||
| -rw-r--r-- | crypto/src/tls/TlsClientProtocol.cs | 2 | ||||
| -rw-r--r-- | crypto/src/tls/TlsUtilities.cs | 9 |
4 files changed, 18 insertions, 1 deletions
diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs index af53e9fbf..77f30bb40 100644 --- a/crypto/src/tls/AbstractTlsClient.cs +++ b/crypto/src/tls/AbstractTlsClient.cs @@ -421,6 +421,11 @@ namespace Org.BouncyCastle.Tls return TlsUtilities.VectorOfOne(m_supportedGroups[0]); } + public virtual bool ShouldUseCompatibilityMode() + { + return true; + } + /// <exception cref="IOException"/> public virtual void NotifyServerVersion(ProtocolVersion serverVersion) { diff --git a/crypto/src/tls/TlsClient.cs b/crypto/src/tls/TlsClient.cs index d93799aaf..8615bb3fb 100644 --- a/crypto/src/tls/TlsClient.cs +++ b/crypto/src/tls/TlsClient.cs @@ -41,6 +41,9 @@ namespace Org.BouncyCastle.Tls /// </returns> IList<int> GetEarlyKeyShareGroups(); + // TODO[api] + //bool ShouldUseCompatibilityMode(); + /// <exception cref="IOException"/> void NotifyServerVersion(ProtocolVersion selectedVersion); diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs index 8e31fa6c8..99d088622 100644 --- a/crypto/src/tls/TlsClientProtocol.cs +++ b/crypto/src/tls/TlsClientProtocol.cs @@ -1694,7 +1694,7 @@ namespace Org.BouncyCastle.Tls * RFC 8446 4.2.1. In compatibility mode [..], this field MUST be non-empty, so a client * not offering a pre-TLS 1.3 session MUST generate a new 32-byte value. */ - if (legacy_session_id.Length < 1) + if (legacy_session_id.Length < 1 && TlsUtilities.ShouldUseCompatibilityMode(m_tlsClient)) { legacy_session_id = m_tlsClientContext.NonceGenerator.GenerateNonce(32); } diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index 92102e826..7337e9f52 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -5739,5 +5739,14 @@ namespace Org.BouncyCastle.Tls abstractTlsPeer.NotifyConnectionClosed(); } } + + // TODO[api] Not needed once ShouldUseCompatibilityMode() has been added to TlsClient + internal static bool ShouldUseCompatibilityMode(TlsClient tlsClient) + { + if (tlsClient is AbstractTlsClient abstractTlsClient) + return abstractTlsClient.ShouldUseCompatibilityMode(); + + return true; + } } } |