Diffstat (limited to 'crypto/src/tls/TlsServerProtocol.cs')
-rw-r--r-- | crypto/src/tls/TlsServerProtocol.cs | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 523fc0030..a21ae69cd 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -899,11 +899,13 @@ namespace Org.BouncyCastle.Tls
 ServerHello serverHello = GenerateServerHello(clientHello, buf);
 m_handshakeHash.NotifyPrfDetermined();
-
- if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
+ if (!ProtocolVersion.TLSv12.Equals(securityParameters.NegotiatedVersion))
 {
 m_handshakeHash.SealHashAlgorithms();
+ }
+ if (TlsUtilities.IsTlsV13(securityParameters.NegotiatedVersion))
+ {
 if (serverHello.IsHelloRetryRequest())
 {
 TlsUtilities.AdjustTranscriptForRetry(m_handshakeHash);
@@ -1026,19 +1028,32 @@ namespace Org.BouncyCastle.Tls
 TlsUtilities.EstablishServerSigAlgs(securityParameters, m_certificateRequest);
- TlsUtilities.TrackHashAlgorithms(m_handshakeHash, securityParameters.ServerSigAlgs);
+ if (ProtocolVersion.TLSv12.Equals(securityParameters.NegotiatedVersion))
+ {
+ TlsUtilities.TrackHashAlgorithms(m_handshakeHash, securityParameters.ServerSigAlgs);
- SendCertificateRequestMessage(m_certificateRequest);
- this.m_connectionState = CS_SERVER_CERTIFICATE_REQUEST;
+ if (!m_tlsServerContext.Crypto.HasAllRawSignatureAlgorithms())
+ {
+ m_handshakeHash.ForceBuffering();
+ }
+ }
 }
 }
+ if (ProtocolVersion.TLSv12.Equals(securityParameters.NegotiatedVersion))
+ {
+ m_handshakeHash.SealHashAlgorithms();
+ }
+
+ if (null != m_certificateRequest)
+ {
+ SendCertificateRequestMessage(m_certificateRequest);
+ this.m_connectionState = CS_SERVER_CERTIFICATE_REQUEST;
+ }
+
 SendServerHelloDoneMessage();
 this.m_connectionState = CS_SERVER_HELLO_DONE;
- bool forceBuffering = false;
- TlsUtilities.SealHandshakeHash(m_tlsServerContext, m_handshakeHash, forceBuffering);
-
 break;
 }
 default:
|
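Review bot: The new `if (!ProtocolVersion.TLSv12.Equals(securityParameters.NegotiatedVersion))` guard has no comment saying why exactly TLS 1.2 is the one version that does not seal here, and it sits directly above an `IsTlsV13` check that looks like the same kind of test but is not. The second hunk shows the reason: on the TLS 1.2 path `TrackHashAlgorithms` is still called while the CertificateRequest is prepared, and `SealHashAlgorithms` follows only after that. I would add above the guard `// TLS 1.2 seals later, once any CertificateRequest has registered its signature hash algorithms; all other versions can seal as soon as the PRF is known.` The enclosing method starts and ends outside the hunk.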
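Review bot: `m_handshakeHash.ForceBuffering()` is now reachable only when the negotiated version is exactly TLS 1.2 and a certificate request is being prepared, whereas the removed `TlsUtilities.SealHandshakeHash(m_tlsServerContext, m_handshakeHash, forceBuffering)` call ran on every pass through this case. The helper's body is not visible here; if it also forced buffering whenever the crypto provider lacks raw signature algorithms, then a pre-1.2 handshake with client authentication on such a provider no longer keeps the buffered transcript, and checking the client's CertificateVerify in that combination deserves a regression test. The TLS 1.2 seal also moves ahead of `SendCertificateRequestMessage` and `SendServerHelloDoneMessage` instead of following them, so a comment such as `// Seal before sending: no further hash algorithms may be registered past this point.` would record that the reordering is intentional. The enclosing case block starts outside the hunk.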