authorPeter Dettman <peter.dettman@bouncycastle.org>2017-04-08 23:34:26 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2017-04-08 23:34:26 +0700
commit44c1a7c05913560362d3d241dbd0bc58a5b6dbac (patch)
treead93d6b026042caa46cc6acd7973ab287a115b29 /crypto/src
parentCheck candidate cipher suites against signature_algorithms (diff)
downloadBouncyCastle.NET-ed25519-44c1a7c05913560362d3d241dbd0bc58a5b6dbac.tar.xz
Fix a bunch of RFC references in comments
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/crypto/tls/AbstractTlsKeyExchange.cs6
-rw-r--r--crypto/src/crypto/tls/DtlsClientProtocol.cs2
-rw-r--r--crypto/src/crypto/tls/DtlsRecordLayer.cs2
-rw-r--r--crypto/src/crypto/tls/DtlsServerProtocol.cs2
-rw-r--r--crypto/src/crypto/tls/RecordStream.cs16
-rw-r--r--crypto/src/crypto/tls/TlsClientProtocol.cs2
-rw-r--r--crypto/src/crypto/tls/TlsRsaSigner.cs2
-rw-r--r--crypto/src/crypto/tls/TlsServerProtocol.cs2
8 files changed, 17 insertions, 17 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs b/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs

index 09fb8782d..294b24929 100644
--- a/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs
+++ b/crypto/src/crypto/tls/AbstractTlsKeyExchange.cs
@@ -38,7 +38,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 if (TlsUtilities.IsSignatureAlgorithmsExtensionAllowed(clientVersion))
 {
 /*
- * RFC 5264 7.4.1.4.1. If the client does not send the signature_algorithms extension,
+ * RFC 5246 7.4.1.4.1. If the client does not send the signature_algorithms extension,
 * the server MUST do the following:
 *
 * - If the negotiated key exchange algorithm is one of (RSA, DHE_RSA, DH_RSA, RSA_PSK,
@@ -106,14 +106,14 @@ namespace Org.BouncyCastle.Crypto.Tls
 if (mSupportedSignatureAlgorithms == null)
 {
 /*
- * TODO RFC 2264 7.4.2. Unless otherwise specified, the signing algorithm for the
+ * TODO RFC 2246 7.4.2. Unless otherwise specified, the signing algorithm for the
 * certificate must be the same as the algorithm for the certificate key.
 */
 }
 else
 {
 /*
- * TODO RFC 5264 7.4.2. If the client provided a "signature_algorithms" extension, then
+ * TODO RFC 5246 7.4.2. If the client provided a "signature_algorithms" extension, then
 * all certificates provided by the server MUST be signed by a hash/signature algorithm
 * pair that appears in that extension.
 */
diff --git a/crypto/src/crypto/tls/DtlsClientProtocol.cs b/crypto/src/crypto/tls/DtlsClientProtocol.cs
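Review bot: The two TODO comments in the `@@ -106,14` hunk of AbstractTlsKeyExchange.cs quote MUST-level certificate requirements, but the visible code does not enforce them: the `if (mSupportedSignatureAlgorithms == null)` branch contains only the comment, and the else branch opens with one. With the citations now corrected, the comments read as authoritative, so each should say plainly that the check is absent, for example `* TODO (not yet enforced): RFC 5246 7.4.2. If the client provided a "signature_algorithms" extension, then`. A tracking reference next to each TODO would also keep the gap from being mistaken for implemented validation of the server certificate chain. The else block continues past the end of the hunk, so a check may exist further down.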
index 90430d772..ae6e6a573 100644
--- a/crypto/src/crypto/tls/DtlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/DtlsClientProtocol.cs
@@ -776,7 +776,7 @@ namespace Org.BouncyCastle.Crypto.Tls securityParameters.CipherSuite); /* - * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has + * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has * a verify_data_length equal to 12. This includes all existing cipher suites. */ securityParameters.verifyDataLength = 12; diff --git a/crypto/src/crypto/tls/DtlsRecordLayer.cs b/crypto/src/crypto/tls/DtlsRecordLayer.cs
index 4a781b5b5..3c3e1821f 100644
--- a/crypto/src/crypto/tls/DtlsRecordLayer.cs
+++ b/crypto/src/crypto/tls/DtlsRecordLayer.cs
@@ -491,7 +491,7 @@ namespace Org.BouncyCastle.Crypto.Tls throw new TlsFatalAlert(AlertDescription.internal_error); /* - * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, + * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, * or ChangeCipherSpec content types. */ if (len < 1 && contentType != ContentType.application_data) diff --git a/crypto/src/crypto/tls/DtlsServerProtocol.cs b/crypto/src/crypto/tls/DtlsServerProtocol.cs
index fbf33045b..3032269d1 100644
--- a/crypto/src/crypto/tls/DtlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/DtlsServerProtocol.cs
@@ -425,7 +425,7 @@ namespace Org.BouncyCastle.Crypto.Tls securityParameters.CipherSuite); /* - * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length + * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length * has a verify_data_length equal to 12. This includes all existing cipher suites. */ securityParameters.verifyDataLength = 12; diff --git a/crypto/src/crypto/tls/RecordStream.cs b/crypto/src/crypto/tls/RecordStream.cs
index cddd5e6d7..46673cf7e 100644
--- a/crypto/src/crypto/tls/RecordStream.cs
+++ b/crypto/src/crypto/tls/RecordStream.cs
@@ -208,7 +208,7 @@ namespace Org.BouncyCastle.Crypto.Tls CheckLength(decoded.Length, mCompressedLimit, AlertDescription.record_overflow); /* - * TODO RFC5264 6.2.2. Implementation note: Decompression functions are responsible for + * TODO 5246 6.2.2. Implementation note: Decompression functions are responsible for * ensuring that messages cannot cause internal buffer overflows. */ Stream cOut = mReadCompression.Decompress(mBuffer); @@ -220,14 +220,14 @@ namespace Org.BouncyCastle.Crypto.Tls } /* - * RFC 5264 6.2.2. If the decompression function encounters a TLSCompressed.fragment that + * RFC 5246 6.2.2. If the decompression function encounters a TLSCompressed.fragment that * would decompress to a length in excess of 2^14 bytes, it should report a fatal * decompression failure error. */ CheckLength(decoded.Length, mPlaintextLimit, AlertDescription.decompression_failure); /* - * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, + * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, * or ChangeCipherSpec content types. */ if (decoded.Length < 1 && type != ContentType.application_data) 
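Review bot: In the `@@ -208,7` hunk of RecordStream.cs the corrected line reads `* TODO 5246 6.2.2.`, which drops the `RFC` prefix that every other reference in this commit carries; it should be `* TODO RFC 5246 6.2.2. Implementation note: Decompression functions are responsible for`. A search for `RFC 5246` will otherwise miss this comment, and it marks an open item about bounding decompression output. In the visible lines the `CheckLength(decoded.Length, mPlaintextLimit, AlertDescription.decompression_failure)` test against the 2^14 limit comes after `mReadCompression.Decompress(mBuffer)` has been called and written to, so the TODO presumably still stands and is worth keeping easy to find. The enclosing method starts and ends outside these hunks.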
@@ -243,18 +243,18 @@ namespace Org.BouncyCastle.Crypto.Tls return; /* - * RFC 5264 6. Implementations MUST NOT send record types not defined in this document + * RFC 5246 6. Implementations MUST NOT send record types not defined in this document * unless negotiated by some extension. */ CheckType(type, AlertDescription.internal_error); /* - * RFC 5264 6.2.1 The length should not exceed 2^14. + * RFC 5246 6.2.1 The length should not exceed 2^14. */ CheckLength(plaintextLength, mPlaintextLimit, AlertDescription.internal_error); /* - * RFC 5264 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, + * RFC 5246 6.2.1 Implementations MUST NOT send zero-length fragments of Handshake, Alert, * or ChangeCipherSpec content types. */ if (plaintextLength < 1 && type != ContentType.application_data) @@ -274,7 +274,7 @@ namespace Org.BouncyCastle.Crypto.Tls byte[] compressed = GetBufferContents(); /* - * RFC5264 6.2.2. Compression must be lossless and may not increase the content length + * RFC 5246 6.2.2. Compression must be lossless and may not increase the content length * by more than 1024 bytes. */ CheckLength(compressed.Length, plaintextLength + 1024, AlertDescription.internal_error); @@ -283,7 +283,7 @@ namespace Org.BouncyCastle.Crypto.Tls } /* - * RFC 5264 6.2.3. The length may not exceed 2^14 + 2048. + * RFC 5246 6.2.3. The length may not exceed 2^14 + 2048. */ CheckLength(ciphertext.Length, mCiphertextLimit, AlertDescription.internal_error); diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs
index 4e4a7a492..0ea84c05c 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -790,7 +790,7 @@ namespace Org.BouncyCastle.Crypto.Tls this.mSecurityParameters.prfAlgorithm = GetPrfAlgorithm(Context, this.mSecurityParameters.CipherSuite); /* - * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify + * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify * verify_data_length has a verify_data_length equal to 12. This includes all * existing cipher suites. */ diff --git a/crypto/src/crypto/tls/TlsRsaSigner.cs b/crypto/src/crypto/tls/TlsRsaSigner.cs
index 6da1c5e9b..1614f503b 100644
--- a/crypto/src/crypto/tls/TlsRsaSigner.cs
+++ b/crypto/src/crypto/tls/TlsRsaSigner.cs
@@ -91,7 +91,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 protected virtual IAsymmetricBlockCipher CreateRsaImpl()
 {
 /*
- * RFC 5264 7.4.7.1. Implementation note: It is now known that remote timing-based attacks
+ * RFC 5246 7.4.7.1. Implementation note: It is now known that remote timing-based attacks
 * on TLS are possible, at least when the client and server are on the same LAN.
 * Accordingly, implementations that use static RSA keys MUST use RSA blinding or some other
 * anti-timing technique, as described in [TIMING].
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index db823539a..5f3ce18e2 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -786,7 +786,7 @@ namespace Org.BouncyCastle.Crypto.Tls mSecurityParameters.prfAlgorithm = GetPrfAlgorithm(Context, mSecurityParameters.CipherSuite); /* - * RFC 5264 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has + * RFC 5246 7.4.9. Any cipher suite which does not explicitly specify verify_data_length has * a verify_data_length equal to 12. This includes all existing cipher suites. */ mSecurityParameters.verifyDataLength = 12;