summary refs log tree commit diff
path: root/crypto/src
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/crypto/tls/AbstractTlsServer.cs7
-rw-r--r--crypto/src/crypto/tls/ExtensionType.cs8
-rw-r--r--crypto/src/crypto/tls/TlsClientProtocol.cs7
3 files changed, 12 insertions, 10 deletions
diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs

index 08bb289cf..c2c6fd57c 100644
--- a/crypto/src/crypto/tls/AbstractTlsServer.cs
+++ b/crypto/src/crypto/tls/AbstractTlsServer.cs
@@ -223,9 +223,10 @@ namespace Org.BouncyCastle.Crypto.Tls
             if (this.mEncryptThenMacOffered && AllowEncryptThenMac)
             {
                 /*
-                 * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
-                 * request extension from a client and then selects a stream or AEAD cipher suite, it
-                 * MUST NOT send an encrypt-then-MAC response extension back to the client.
+                 * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+                 * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+                 * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+                 * client.
                  */
                 if (TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite))
                 {
diff --git a/crypto/src/crypto/tls/ExtensionType.cs b/crypto/src/crypto/tls/ExtensionType.cs

index f5c2523f3..3d00509af 100644
--- a/crypto/src/crypto/tls/ExtensionType.cs
+++ b/crypto/src/crypto/tls/ExtensionType.cs
@@ -44,14 +44,14 @@ namespace Org.BouncyCastle.Crypto.Tls
         public const int heartbeat = 15;
 
         /*
-         * RFC 5077 7.
+         * RFC 7366
          */
-        public const int session_ticket = 35;
+        public const int encrypt_then_mac = 22;
 
         /*
-         * draft-ietf-tls-encrypt-then-mac-03
+         * RFC 5077 7.
          */
-        public const int encrypt_then_mac = 22;
+        public const int session_ticket = 35;
 
         /*
          * draft-ietf-tls-session-hash-01
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs

index 54a68c4ff..9fe50add8 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -747,9 +747,10 @@ namespace Org.BouncyCastle.Crypto.Tls
             if (sessionServerExtensions != null)
             {
                 /*
-                 * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
-                 * request extension from a client and then selects a stream or AEAD cipher suite, it
-                 * MUST NOT Send an encrypt-then-MAC response extension back to the client.
+                 * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+                 * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+                 * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+                 * client.
                  */
                 bool serverSentEncryptThenMAC = TlsExtensionsUtilities.HasEncryptThenMacExtension(sessionServerExtensions);
                 if (serverSentEncryptThenMAC && !TlsUtilities.IsBlockCipherSuite(selectedCipherSuite))
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-15 12:09:34 +0000