TLS: extra client validation of ServerHello parameters

author: Peter Dettman <peter.dettman@bouncycastle.org> 2023-07-05 09:48:49 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2023-07-05 09:48:49 +0700
commit: ac7670aa24f4be8b3d1c89db53c6e7c598b86dea (patch)
tree: 5ec0ddd5a4d0134a1239d6f76127b72ddd8eb591 /crypto/src
parent: Add TlsClient.ShouldUseCompatibilityMode (diff)
download: BouncyCastle.NET-ed25519-ac7670aa24f4be8b3d1c89db53c6e7c598b86dea.tar.xz
1 files changed, 12 insertions, 1 deletions
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 99d088622..cff541db3 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1112,6 +1112,16 @@ namespace Org.BouncyCastle.Tls
                 m_tlsClient.NotifySessionID(selectedSessionID);
                 securityParameters.m_resumedSession = selectedSessionID.Length > 0 && m_tlsSession != null
                     && Arrays.AreEqual(selectedSessionID, m_tlsSession.SessionID);
+
+                if (securityParameters.IsResumedSession)
+                {
+                    if (serverHello.CipherSuite != m_sessionParameters.CipherSuite ||
+                        !securityParameters.NegotiatedVersion.Equals(m_sessionParameters.NegotiatedVersion))
+                    {
+                        throw new TlsFatalAlert(AlertDescription.illegal_parameter,
+                            "ServerHello parameters do not match resumed session");
+                    }
+                }
             }
 
             /*
@@ -1124,7 +1134,8 @@ namespace Org.BouncyCastle.Tls
                 if (!TlsUtilities.IsValidCipherSuiteSelection(offeredCipherSuites, cipherSuite) ||
                     !TlsUtilities.IsValidVersionForCipherSuite(cipherSuite, securityParameters.NegotiatedVersion))
                 {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
+                    throw new TlsFatalAlert(AlertDescription.illegal_parameter,
+                        "ServerHello selected invalid cipher suite");
                 }
 
                 TlsUtilities.NegotiatedCipherSuite(securityParameters, cipherSuite);
author	Peter Dettman <peter.dettman@bouncycastle.org>	2023-07-05 09:48:49 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2023-07-05 09:48:49 +0700
commit	ac7670aa24f4be8b3d1c89db53c6e7c598b86dea (patch)
tree	5ec0ddd5a4d0134a1239d6f76127b72ddd8eb591 /crypto/src
parent	Add TlsClient.ShouldUseCompatibilityMode (diff)
download	BouncyCastle.NET-ed25519-ac7670aa24f4be8b3d1c89db53c6e7c598b86dea.tar.xz