summary refs log tree commit diff
path: root/crypto/src/tls
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src/tls')
-rw-r--r--crypto/src/tls/DtlsClientProtocol.cs14
-rw-r--r--crypto/src/tls/TlsClientProtocol.cs12
-rw-r--r--crypto/src/tls/TlsServerProtocol.cs40
3 files changed, 33 insertions, 33 deletions
diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index fd9985ab5..fd71a07ed 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -418,6 +418,13 @@ namespace Org.BouncyCastle.Tls
 
             context.SetClientVersion(client_version);
 
+            {
+                bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version)
+                    && state.client.ShouldUseGmtUnixTime();
+
+                securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext);
+            }
+
             byte[] session_id = TlsUtilities.GetSessionID(state.tlsSession);
 
             bool fallback = state.client.IsFallback();
@@ -471,13 +478,6 @@ namespace Org.BouncyCastle.Tls
                 throw new TlsFatalAlert(AlertDescription.internal_error);
             }
 
-            {
-                bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version)
-                    && state.client.ShouldUseGmtUnixTime();
-
-                securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext);
-            }
-
             // Cipher Suites (and SCSV)
             {
                 /*
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index ba2b565ca..399d8c9b8 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1638,6 +1638,12 @@ namespace Org.BouncyCastle.Tls
             bool offeringTlsV12Minus = ProtocolVersion.TLSv12.IsEqualOrLaterVersionOf(earliestVersion);
             bool offeringTlsV13Plus = ProtocolVersion.TLSv13.IsEqualOrEarlierVersionOf(latestVersion);
 
+            {
+                bool useGmtUnixTime = !offeringTlsV13Plus && m_tlsClient.ShouldUseGmtUnixTime();
+
+                securityParameters.m_clientRandom = CreateRandomBlock(useGmtUnixTime, m_tlsClientContext);
+            }
+
             EstablishSession(offeringTlsV12Minus ? m_tlsClient.GetSessionToResume() : null);
             m_tlsClient.NotifySessionToResume(m_tlsSession);
 
@@ -1710,12 +1716,6 @@ namespace Org.BouncyCastle.Tls
                 throw new TlsFatalAlert(AlertDescription.internal_error);
             }
 
-            {
-                bool useGmtUnixTime = !offeringTlsV13Plus && m_tlsClient.ShouldUseGmtUnixTime();
-
-                securityParameters.m_clientRandom = CreateRandomBlock(useGmtUnixTime, m_tlsClientContext);
-            }
-
             // NOT renegotiating
             {
                 /*
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index c90ef4109..88bc9d5fa 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -187,6 +187,15 @@ namespace Org.BouncyCastle.Tls
             }
             else
             {
+                {
+                    securityParameters.m_serverRandom = CreateRandomBlock(false, m_tlsServerContext);
+
+                    if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
+                    {
+                        TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
+                    }
+                }
+
                 this.m_clientExtensions = clientHelloExtensions;
 
                 securityParameters.m_secureRenegotiation = false;
@@ -230,15 +239,6 @@ namespace Org.BouncyCastle.Tls
                 TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext);
 
                 {
-                    securityParameters.m_serverRandom = CreateRandomBlock(false, m_tlsServerContext);
-
-                    if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
-                    {
-                        TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
-                    }
-                }
-
-                {
                     // TODO[tls13] Constrain selection when PSK selected
                     int cipherSuite = m_tlsServer.GetSelectedCipherSuite();
 
@@ -460,6 +460,17 @@ namespace Org.BouncyCastle.Tls
 
             m_recordStream.SetWriteVersion(serverVersion);
 
+            {
+                bool useGmtUnixTime = m_tlsServer.ShouldUseGmtUnixTime();
+
+                securityParameters.m_serverRandom = CreateRandomBlock(useGmtUnixTime, m_tlsServerContext);
+
+                if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
+                {
+                    TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
+                }
+            }
+
             this.m_clientExtensions = clientHello.Extensions;
 
             byte[] clientRenegExtData = TlsUtilities.GetExtensionData(m_clientExtensions, ExtensionType.renegotiation_info);
@@ -557,17 +568,6 @@ namespace Org.BouncyCastle.Tls
             TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext);
 
             {
-                bool useGmtUnixTime = m_tlsServer.ShouldUseGmtUnixTime();
-
-                securityParameters.m_serverRandom = CreateRandomBlock(useGmtUnixTime, m_tlsServerContext);
-
-                if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
-                {
-                    TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
-                }
-            }
-
-            {
                 int cipherSuite = m_resumedSession
                     ?   m_sessionParameters.CipherSuite
                     :   m_tlsServer.GetSelectedCipherSuite();