diff --git a/crypto/src/tls/AbstractTlsPeer.cs b/crypto/src/tls/AbstractTlsPeer.cs
index 6d7c88f1b..82f8dd1e5 100644
--- a/crypto/src/tls/AbstractTlsPeer.cs
+++ b/crypto/src/tls/AbstractTlsPeer.cs
@@ -65,6 +65,11 @@ namespace Org.BouncyCastle.Tls
return 0;
}
+ public virtual int GetHandshakeResendTimeMillis()
+ {
+ return 1000;
+ }
+
public virtual bool AllowLegacyResumption()
{
return false;
diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index 88a077168..72484e178 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -100,7 +100,8 @@ namespace Org.BouncyCastle.Tls
SecurityParameters securityParameters = state.clientContext.SecurityParameters;
DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.clientContext, recordLayer,
- state.client.GetHandshakeTimeoutMillis(), null);
+ state.client.GetHandshakeTimeoutMillis(), TlsUtilities.GetHandshakeResendTimeMillis(state.client),
+ null);
byte[] clientHelloBody = GenerateClientHello(state);
diff --git a/crypto/src/tls/DtlsRecordLayer.cs b/crypto/src/tls/DtlsRecordLayer.cs
index a61688cb0..a18210de2 100644
--- a/crypto/src/tls/DtlsRecordLayer.cs
+++ b/crypto/src/tls/DtlsRecordLayer.cs
@@ -306,7 +306,7 @@ namespace Org.BouncyCastle.Tls
HeartbeatMessageType.heartbeat_request, m_heartbeat.GeneratePayload());
this.m_heartbeatTimeout = new Timeout(m_heartbeat.TimeoutMillis, currentTimeMillis);
- this.m_heartbeatResendMillis = DtlsReliableHandshake.INITIAL_RESEND_MILLIS;
+ this.m_heartbeatResendMillis = TlsUtilities.GetHandshakeResendTimeMillis(m_peer);
this.m_heartbeatResendTimeout = new Timeout(m_heartbeatResendMillis, currentTimeMillis);
SendHeartbeatMessage(m_heartbeatInFlight);
@@ -405,7 +405,7 @@ namespace Org.BouncyCastle.Tls
HeartbeatMessageType.heartbeat_request, m_heartbeat.GeneratePayload());
this.m_heartbeatTimeout = new Timeout(m_heartbeat.TimeoutMillis, currentTimeMillis);
- this.m_heartbeatResendMillis = DtlsReliableHandshake.INITIAL_RESEND_MILLIS;
+ this.m_heartbeatResendMillis = TlsUtilities.GetHandshakeResendTimeMillis(m_peer);
this.m_heartbeatResendTimeout = new Timeout(m_heartbeatResendMillis, currentTimeMillis);
SendHeartbeatMessage(m_heartbeatInFlight);
diff --git a/crypto/src/tls/DtlsReliableHandshake.cs b/crypto/src/tls/DtlsReliableHandshake.cs
index 8d6eb7b84..42a98a991 100644
--- a/crypto/src/tls/DtlsReliableHandshake.cs
+++ b/crypto/src/tls/DtlsReliableHandshake.cs
@@ -11,7 +11,6 @@ namespace Org.BouncyCastle.Tls
private const int MAX_RECEIVE_AHEAD = 16;
private const int MESSAGE_HEADER_LENGTH = 12;
- internal const int INITIAL_RESEND_MILLIS = 1000;
private const int MAX_RESEND_MILLIS = 60000;
/// <exception cref="IOException"/>
@@ -85,21 +84,23 @@ namespace Org.BouncyCastle.Tls
private IDictionary<int, DtlsReassembler> m_previousInboundFlight = null;
private IList<Message> m_outboundFlight = new List<Message>();
+ private readonly int m_initialResendMillis;
private int m_resendMillis = -1;
private Timeout m_resendTimeout = null;
private int m_next_send_seq = 0, m_next_receive_seq = 0;
internal DtlsReliableHandshake(TlsContext context, DtlsRecordLayer transport, int timeoutMillis,
- DtlsRequest request)
+ int initialResendMillis, DtlsRequest request)
{
this.m_recordLayer = transport;
this.m_handshakeHash = new DeferredHash(context);
this.m_handshakeTimeout = Timeout.ForWaitMillis(timeoutMillis);
+ m_initialResendMillis = initialResendMillis;
if (null != request)
{
- this.m_resendMillis = INITIAL_RESEND_MILLIS;
+ this.m_resendMillis = m_initialResendMillis;
this.m_resendTimeout = new Timeout(m_resendMillis);
long recordSeq = request.RecordSeq;
@@ -298,7 +299,7 @@ namespace Org.BouncyCastle.Tls
if (null == m_resendTimeout)
{
- m_resendMillis = INITIAL_RESEND_MILLIS;
+ m_resendMillis = m_initialResendMillis;
m_resendTimeout = new Timeout(m_resendMillis, currentTimeMillis);
PrepareInboundFlight(new Dictionary<int, DtlsReassembler>());
diff --git a/crypto/src/tls/DtlsServerProtocol.cs b/crypto/src/tls/DtlsServerProtocol.cs
index f2eaf31f8..a4f8f4bc5 100644
--- a/crypto/src/tls/DtlsServerProtocol.cs
+++ b/crypto/src/tls/DtlsServerProtocol.cs
@@ -89,7 +89,8 @@ namespace Org.BouncyCastle.Tls
SecurityParameters securityParameters = state.serverContext.SecurityParameters;
DtlsReliableHandshake handshake = new DtlsReliableHandshake(state.serverContext, recordLayer,
- state.server.GetHandshakeTimeoutMillis(), request);
+ state.server.GetHandshakeTimeoutMillis(), TlsUtilities.GetHandshakeResendTimeMillis(state.server),
+ request);
DtlsReliableHandshake.Message clientMessage = null;
diff --git a/crypto/src/tls/TlsPeer.cs b/crypto/src/tls/TlsPeer.cs
index 04d66d38f..4f16978d9 100644
--- a/crypto/src/tls/TlsPeer.cs
+++ b/crypto/src/tls/TlsPeer.cs
@@ -31,6 +31,14 @@ namespace Org.BouncyCastle.Tls
/// <returns>the handshake timeout, in milliseconds.</returns>
int GetHandshakeTimeoutMillis();
+ /// <summary>Specify the time, in milliseconds, after which a handshake packet is resent.</summary>
+ /// <remarks>
+ /// NOTE: Currently only respected by DTLS protocols.
+ /// </remarks>
+ /// <returns>the handshake resend time, in milliseconds.</returns>
+ // TODO[api]
+ //int GetHandshakeResendTimeMillis();
+
bool AllowLegacyResumption();
int GetMaxCertificateChainLength();
diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index a2ee82f9e..69a458a5a 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -5721,5 +5721,14 @@ namespace Org.BouncyCastle.Tls
}
return v;
}
+
+ // TODO[api] Not needed once GetHandshakeResendTimeMillis() has been added to TlsPeer
+ internal static int GetHandshakeResendTimeMillis(TlsPeer tlsPeer)
+ {
+ if (tlsPeer is AbstractTlsPeer abstractTlsPeer)
+ return abstractTlsPeer.GetHandshakeResendTimeMillis();
+
+ return 1000;
+ }
}
}
|
