(D)TLS: Clean up redundant resumption checks

author: Peter Dettman <peter.dettman@bouncycastle.org> 2023-07-13 14:42:03 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2023-07-13 14:42:03 +0700
commit: 7a63d39947753476a5c819d09a21e800771bc155 (patch)
tree: 6303290fc8f2b5fac643371830fec57c490b2414 /crypto
parent: Add DtlsRawKeysProtocolTest (diff)
download: BouncyCastle.NET-ed25519-7a63d39947753476a5c819d09a21e800771bc155.tar.xz
2 files changed, 2 insertions, 22 deletions
diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index 5c5686bbb..88ebbb636 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -995,12 +995,6 @@ namespace Org.BouncyCastle.Tls
 
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != state.sessionParameters.CipherSuite
-                    || !server_version.Equals(state.sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = state.sessionParameters.ReadServerExtensions();
             }
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 30ad67fbe..6968e5e55 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1277,14 +1277,9 @@ namespace Org.BouncyCastle.Tls
 
             var sessionClientExtensions = m_clientExtensions;
             var sessionServerExtensions = serverHelloExtensions;
+
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != m_sessionParameters.CipherSuite
-                    || !server_version.Equals(m_sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = m_sessionParameters.ReadServerExtensions();
             }
@@ -1312,10 +1307,6 @@ namespace Org.BouncyCastle.Tls
                 securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(
                     sessionServerExtensions);
 
-                /*
-                 * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
-                 * a session resumption handshake.
-                 */
                 if (!securityParameters.IsResumedSession)
                 {
                     // TODO[tls13] See RFC 8446 4.4.2.1
@@ -1419,14 +1410,9 @@ namespace Org.BouncyCastle.Tls
 
             var sessionClientExtensions = m_clientExtensions;
             var sessionServerExtensions = m_serverExtensions;
+
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != m_sessionParameters.CipherSuite
-                    || !negotiatedVersion.Equals(m_sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = m_sessionParameters.ReadServerExtensions();
             }
author	Peter Dettman <peter.dettman@bouncycastle.org>	2023-07-13 14:42:03 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2023-07-13 14:42:03 +0700
commit	7a63d39947753476a5c819d09a21e800771bc155 (patch)
tree	6303290fc8f2b5fac643371830fec57c490b2414 /crypto
parent	Add DtlsRawKeysProtocolTest (diff)
download	BouncyCastle.NET-ed25519-7a63d39947753476a5c819d09a21e800771bc155.tar.xz