diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index fd9985ab5..fd71a07ed 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -418,6 +418,13 @@ namespace Org.BouncyCastle.Tls
context.SetClientVersion(client_version);
+ {
+ bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version)
+ && state.client.ShouldUseGmtUnixTime();
+
+ securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext);
+ }
+
byte[] session_id = TlsUtilities.GetSessionID(state.tlsSession);
bool fallback = state.client.IsFallback();
@@ -471,13 +478,6 @@ namespace Org.BouncyCastle.Tls
throw new TlsFatalAlert(AlertDescription.internal_error);
}
- {
- bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version)
- && state.client.ShouldUseGmtUnixTime();
-
- securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext);
- }
-
// Cipher Suites (and SCSV)
{
/*
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index ba2b565ca..399d8c9b8 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1638,6 +1638,12 @@ namespace Org.BouncyCastle.Tls
bool offeringTlsV12Minus = ProtocolVersion.TLSv12.IsEqualOrLaterVersionOf(earliestVersion);
bool offeringTlsV13Plus = ProtocolVersion.TLSv13.IsEqualOrEarlierVersionOf(latestVersion);
+ {
+ bool useGmtUnixTime = !offeringTlsV13Plus && m_tlsClient.ShouldUseGmtUnixTime();
+
+ securityParameters.m_clientRandom = CreateRandomBlock(useGmtUnixTime, m_tlsClientContext);
+ }
+
EstablishSession(offeringTlsV12Minus ? m_tlsClient.GetSessionToResume() : null);
m_tlsClient.NotifySessionToResume(m_tlsSession);
@@ -1710,12 +1716,6 @@ namespace Org.BouncyCastle.Tls
throw new TlsFatalAlert(AlertDescription.internal_error);
}
- {
- bool useGmtUnixTime = !offeringTlsV13Plus && m_tlsClient.ShouldUseGmtUnixTime();
-
- securityParameters.m_clientRandom = CreateRandomBlock(useGmtUnixTime, m_tlsClientContext);
- }
-
// NOT renegotiating
{
/*
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index c90ef4109..88bc9d5fa 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -187,6 +187,15 @@ namespace Org.BouncyCastle.Tls
}
else
{
+ {
+ securityParameters.m_serverRandom = CreateRandomBlock(false, m_tlsServerContext);
+
+ if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
+ {
+ TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
+ }
+ }
+
this.m_clientExtensions = clientHelloExtensions;
securityParameters.m_secureRenegotiation = false;
@@ -230,15 +239,6 @@ namespace Org.BouncyCastle.Tls
TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext);
{
- securityParameters.m_serverRandom = CreateRandomBlock(false, m_tlsServerContext);
-
- if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
- {
- TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
- }
- }
-
- {
// TODO[tls13] Constrain selection when PSK selected
int cipherSuite = m_tlsServer.GetSelectedCipherSuite();
@@ -460,6 +460,17 @@ namespace Org.BouncyCastle.Tls
m_recordStream.SetWriteVersion(serverVersion);
+ {
+ bool useGmtUnixTime = m_tlsServer.ShouldUseGmtUnixTime();
+
+ securityParameters.m_serverRandom = CreateRandomBlock(useGmtUnixTime, m_tlsServerContext);
+
+ if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
+ {
+ TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
+ }
+ }
+
this.m_clientExtensions = clientHello.Extensions;
byte[] clientRenegExtData = TlsUtilities.GetExtensionData(m_clientExtensions, ExtensionType.renegotiation_info);
@@ -557,17 +568,6 @@ namespace Org.BouncyCastle.Tls
TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext);
{
- bool useGmtUnixTime = m_tlsServer.ShouldUseGmtUnixTime();
-
- securityParameters.m_serverRandom = CreateRandomBlock(useGmtUnixTime, m_tlsServerContext);
-
- if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions())))
- {
- TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom);
- }
- }
-
- {
int cipherSuite = m_resumedSession
? m_sessionParameters.CipherSuite
: m_tlsServer.GetSelectedCipherSuite();
|
