From 2cb589c0cbd7188ef3f2f70305f13d2eab9ffe60 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Mon, 30 May 2022 00:36:32 +0700 Subject: Set randoms before extensions processing - see https://github.com/bcgit/bc-java/issues/1167 --- crypto/src/tls/DtlsClientProtocol.cs | 14 ++++----- crypto/src/tls/TlsClientProtocol.cs | 12 ++++---- crypto/src/tls/TlsServerProtocol.cs | 40 +++++++++++++------------- crypto/test/src/tls/test/MockDtlsClient.cs | 17 +++++++++++ crypto/test/src/tls/test/MockDtlsServer.cs | 24 ++++++++++++++++ crypto/test/src/tls/test/MockPskDtlsClient.cs | 17 +++++++++++ crypto/test/src/tls/test/MockPskDtlsServer.cs | 25 ++++++++++++++++ crypto/test/src/tls/test/MockPskTls13Client.cs | 16 +++++++++++ crypto/test/src/tls/test/MockPskTls13Server.cs | 24 ++++++++++++++++ crypto/test/src/tls/test/MockPskTlsClient.cs | 11 +++++++ crypto/test/src/tls/test/MockPskTlsServer.cs | 24 ++++++++++++++++ crypto/test/src/tls/test/MockSrpTlsClient.cs | 11 +++++++ crypto/test/src/tls/test/MockSrpTlsServer.cs | 24 ++++++++++++++++ crypto/test/src/tls/test/MockTlsClient.cs | 11 +++++++ crypto/test/src/tls/test/MockTlsServer.cs | 24 ++++++++++++++++ crypto/test/src/tls/test/TlsTestClientImpl.cs | 11 +++++++ crypto/test/src/tls/test/TlsTestServerImpl.cs | 24 ++++++++++++++++ 17 files changed, 296 insertions(+), 33 deletions(-) diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs index fd9985ab5..fd71a07ed 100644 --- a/crypto/src/tls/DtlsClientProtocol.cs +++ b/crypto/src/tls/DtlsClientProtocol.cs 
@@ -418,6 +418,13 @@ namespace Org.BouncyCastle.Tls context.SetClientVersion(client_version); + { + bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version) + && state.client.ShouldUseGmtUnixTime(); + + securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext); + } + byte[] session_id = TlsUtilities.GetSessionID(state.tlsSession); bool fallback = state.client.IsFallback(); @@ -471,13 +478,6 @@ namespace Org.BouncyCastle.Tls throw new TlsFatalAlert(AlertDescription.internal_error); } - { - bool useGmtUnixTime = ProtocolVersion.DTLSv12.IsEqualOrLaterVersionOf(client_version) - && state.client.ShouldUseGmtUnixTime(); - - securityParameters.m_clientRandom = TlsProtocol.CreateRandomBlock(useGmtUnixTime, state.clientContext); - } - // Cipher Suites (and SCSV) { /* diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs index ba2b565ca..399d8c9b8 100644 --- a/crypto/src/tls/TlsClientProtocol.cs +++ b/crypto/src/tls/TlsClientProtocol.cs @@ -1638,6 +1638,12 @@ namespace Org.BouncyCastle.Tls bool offeringTlsV12Minus = ProtocolVersion.TLSv12.IsEqualOrLaterVersionOf(earliestVersion); bool offeringTlsV13Plus = ProtocolVersion.TLSv13.IsEqualOrEarlierVersionOf(latestVersion); + { + bool useGmtUnixTime = !offeringTlsV13Plus && m_tlsClient.ShouldUseGmtUnixTime(); + + securityParameters.m_clientRandom = CreateRandomBlock(useGmtUnixTime, m_tlsClientContext); + } + EstablishSession(offeringTlsV12Minus ? m_tlsClient.GetSessionToResume() : null); m_tlsClient.NotifySessionToResume(m_tlsSession); @@ -1710,12 +1716,6 @@ namespace Org.BouncyCastle.Tls throw new TlsFatalAlert(AlertDescription.internal_error); } - { - bool useGmtUnixTime = !offeringTlsV13Plus && m_tlsClient.ShouldUseGmtUnixTime(); - - securityParameters.m_clientRandom = CreateRandomBlock(useGmtUnixTime, m_tlsClientContext); - } - // NOT renegotiating { /* 
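Review bot: The relocated block in `DtlsClientProtocol.cs` (@@ -418) has no comment explaining why the client random must exist before the session and extension handling that follows, so a later cleanup could easily move it back. I would add `// Create the client random up front so it is already set when TlsClient callbacks run during ClientHello construction (see bc-java issue 1167).` above the opening brace. The same comment belongs above the block added at @@ -1638 in `TlsClientProtocol.cs`, ahead of `EstablishSession(...)`. Both enclosing methods start and end outside the hunks, so which callbacks actually read the random is inferred from the commit subject rather than visible here.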
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs index c90ef4109..88bc9d5fa 100644 --- a/crypto/src/tls/TlsServerProtocol.cs +++ b/crypto/src/tls/TlsServerProtocol.cs @@ -187,6 +187,15 @@ namespace Org.BouncyCastle.Tls } else { + { + securityParameters.m_serverRandom = CreateRandomBlock(false, m_tlsServerContext); + + if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions()))) + { + TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom); + } + } + this.m_clientExtensions = clientHelloExtensions; securityParameters.m_secureRenegotiation = false; @@ -229,15 +238,6 @@ namespace Org.BouncyCastle.Tls TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext); - { - securityParameters.m_serverRandom = CreateRandomBlock(false, m_tlsServerContext); - - if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions()))) - { - TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom); - } - } - { // TODO[tls13] Constrain selection when PSK selected int cipherSuite = m_tlsServer.GetSelectedCipherSuite(); @@ -460,6 +460,17 @@ namespace Org.BouncyCastle.Tls m_recordStream.SetWriteVersion(serverVersion); + { + bool useGmtUnixTime = m_tlsServer.ShouldUseGmtUnixTime(); + + securityParameters.m_serverRandom = CreateRandomBlock(useGmtUnixTime, m_tlsServerContext); + + if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions()))) + { + TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom); + } + } + this.m_clientExtensions = clientHello.Extensions; byte[] clientRenegExtData = TlsUtilities.GetExtensionData(m_clientExtensions, ExtensionType.renegotiation_info); 
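Review bot: In the first `TlsServerProtocol.cs` hunk (@@ -187) the server random and the downgrade marker are now produced only inside the `else` branch. The block removed at @@ -229 sat after `TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext)` and so presumably ran whichever branch was taken. The matching `if` branch starts outside the hunk, so it is not visible whether `securityParameters.m_serverRandom` is already populated on that path. If that path relies on a value stored during an earlier pass through this method, please confirm it and say so in a comment, for example `// Set before any extension callbacks; the other branch reuses the random created here.`, so a later refactor cannot leave the random null or the downgrade marker unwritten. The block added at @@ -460 is not conditional in the visible lines and does not raise the same question.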
@@ -556,17 +567,6 @@ namespace Org.BouncyCastle.Tls TlsUtilities.NegotiatedVersionTlsServer(m_tlsServerContext); - { - bool useGmtUnixTime = m_tlsServer.ShouldUseGmtUnixTime(); - - securityParameters.m_serverRandom = CreateRandomBlock(useGmtUnixTime, m_tlsServerContext); - - if (!serverVersion.Equals(ProtocolVersion.GetLatestTls(m_tlsServer.GetProtocolVersions()))) - { - TlsUtilities.WriteDowngradeMarker(serverVersion, securityParameters.ServerRandom); - } - } - { int cipherSuite = m_resumedSession ? m_sessionParameters.CipherSuite diff --git a/crypto/test/src/tls/test/MockDtlsClient.cs b/crypto/test/src/tls/test/MockDtlsClient.cs index deef119ca..e758639ec 100644 --- a/crypto/test/src/tls/test/MockDtlsClient.cs +++ b/crypto/test/src/tls/test/MockDtlsClient.cs @@ -7,6 +7,7 @@ using Org.BouncyCastle.Tls.Crypto.Impl.BC; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Encoders; +using System.Collections; namespace Org.BouncyCastle.Tls.Tests { @@ -102,6 +103,22 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override IDictionary GetClientExtensions() + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetClientExtensions(); + } + + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } + protected virtual string ToHexString(byte[] data) { return data == null ? "(null)" : Hex.ToHexString(data); diff --git a/crypto/test/src/tls/test/MockDtlsServer.cs b/crypto/test/src/tls/test/MockDtlsServer.cs index b3ea7f91c..28498de07 100644 --- a/crypto/test/src/tls/test/MockDtlsServer.cs +++ b/crypto/test/src/tls/test/MockDtlsServer.cs 
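Review bot: The null guards added to `GetClientExtensions` and `ProcessServerExtensions` in `MockDtlsClient.cs` (@@ -102) throw a bare `internal_error`, so a handshake test that trips one gives no hint which random was missing or in which callback. If the detail-message overload of `TlsFatalAlert` is available in this tree, I would write `throw new TlsFatalAlert(AlertDescription.internal_error, "ClientRandom not set before GetClientExtensions");` and the equivalent for `ServerRandom`. The same two guards are copied unchanged into MockPskDtlsClient, MockPskTls13Client, MockPskTlsClient, MockSrpTlsClient, MockTlsClient and TlsTestClientImpl. A single static helper in the test utilities would keep the ordering assertion in one place. The guards also verify only non-null, not that the random has the expected length.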
@@ -121,6 +121,30 @@ namespace Org.BouncyCastle.Tls.Tests Console.WriteLine("Server 'tls-unique': " + ToHexString(tlsUnique)); } + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } + protected override TlsCredentialedDecryptor GetRsaEncryptionCredentials() { return TlsTestUtilities.LoadEncryptionCredentials(m_context, diff --git a/crypto/test/src/tls/test/MockPskDtlsClient.cs b/crypto/test/src/tls/test/MockPskDtlsClient.cs index c83c9e7fd..be40be87a 100644 --- a/crypto/test/src/tls/test/MockPskDtlsClient.cs +++ b/crypto/test/src/tls/test/MockPskDtlsClient.cs @@ -1,4 +1,5 @@ using System; +using System.Collections; using System.IO; using Org.BouncyCastle.Asn1.X509; 
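Review bot: The new `ProcessClientExtensions` override in `MockDtlsServer.cs` checks only `ClientRandom`, so it does not pin the server-side reordering this commit makes. The `TlsServerProtocol.cs` hunks move creation of `m_serverRandom` ahead of `this.m_clientExtensions = ...`, while the `ServerRandom` checks sit in `GetServerExtensions` and `GetServerExtensionsForConnection`, which may already have run after the old position and so would have passed before the change. If the intent is that both randoms are available while client extensions are processed, the guard could read `if (m_context.SecurityParameters.ClientRandom == null || m_context.SecurityParameters.ServerRandom == null)`. The identical overrides in MockPskTls13Server, MockPskTlsServer, MockSrpTlsServer, MockTlsServer and TlsTestServerImpl have the same gap. For the two DTLS mocks (this file and MockPskDtlsServer), first check where the DTLS server protocol sets its random, since no DTLS server protocol file appears in this commit's diffstat.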
@@ -107,6 +108,22 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override IDictionary GetClientExtensions() + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetClientExtensions(); + } + + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } + protected virtual string ToHexString(byte[] data) { return data == null ? "(null)" : Hex.ToHexString(data); diff --git a/crypto/test/src/tls/test/MockPskDtlsServer.cs b/crypto/test/src/tls/test/MockPskDtlsServer.cs index bb084535a..d7a161c6f 100644 --- a/crypto/test/src/tls/test/MockPskDtlsServer.cs +++ b/crypto/test/src/tls/test/MockPskDtlsServer.cs @@ -1,4 +1,5 @@ using System; +using System.Collections; using System.IO; using Org.BouncyCastle.Tls.Crypto.Impl.BC; @@ -72,6 +73,30 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } + protected override TlsCredentialedDecryptor GetRsaEncryptionCredentials() { return TlsTestUtilities.LoadEncryptionCredentials(m_context, 
diff --git a/crypto/test/src/tls/test/MockPskTls13Client.cs b/crypto/test/src/tls/test/MockPskTls13Client.cs index d8be1fddd..1ed19e969 100644 --- a/crypto/test/src/tls/test/MockPskTls13Client.cs +++ b/crypto/test/src/tls/test/MockPskTls13Client.cs @@ -106,5 +106,21 @@ namespace Org.BouncyCastle.Tls.Tests Console.WriteLine("Client ALPN: " + protocolName.GetUtf8Decoding()); } } + + public override IDictionary GetClientExtensions() + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetClientExtensions(); + } + + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } } } diff --git a/crypto/test/src/tls/test/MockPskTls13Server.cs b/crypto/test/src/tls/test/MockPskTls13Server.cs index d1ea69b95..b084bec99 100644 --- a/crypto/test/src/tls/test/MockPskTls13Server.cs +++ b/crypto/test/src/tls/test/MockPskTls13Server.cs @@ -104,5 +104,29 @@ namespace Org.BouncyCastle.Tls.Tests Console.WriteLine("Server ALPN: " + protocolName.GetUtf8Decoding()); } } + + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } } } 
diff --git a/crypto/test/src/tls/test/MockPskTlsClient.cs b/crypto/test/src/tls/test/MockPskTlsClient.cs index 46774266b..e01dd74df 100644 --- a/crypto/test/src/tls/test/MockPskTlsClient.cs +++ b/crypto/test/src/tls/test/MockPskTlsClient.cs @@ -65,6 +65,9 @@ namespace Org.BouncyCastle.Tls.Tests public override IDictionary GetClientExtensions() { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised( base.GetClientExtensions()); @@ -132,6 +135,14 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } + protected virtual string ToHexString(byte[] data) { return data == null ? "(null)" : Hex.ToHexString(data); diff --git a/crypto/test/src/tls/test/MockPskTlsServer.cs b/crypto/test/src/tls/test/MockPskTlsServer.cs index 743073b04..acfa1bc56 100644 --- a/crypto/test/src/tls/test/MockPskTlsServer.cs +++ b/crypto/test/src/tls/test/MockPskTlsServer.cs 
@@ -81,6 +81,30 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } + protected override TlsCredentialedDecryptor GetRsaEncryptionCredentials() { return TlsTestUtilities.LoadEncryptionCredentials(m_context, diff --git a/crypto/test/src/tls/test/MockSrpTlsClient.cs b/crypto/test/src/tls/test/MockSrpTlsClient.cs index 3d2232893..ac7340ca1 100644 --- a/crypto/test/src/tls/test/MockSrpTlsClient.cs +++ b/crypto/test/src/tls/test/MockSrpTlsClient.cs @@ -60,6 +60,9 @@ namespace Org.BouncyCastle.Tls.Tests public override IDictionary GetClientExtensions() { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised( base.GetClientExtensions()); @@ -127,6 +130,14 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } + protected virtual string ToHexString(byte[] data) { return data == null ? "(null)" : Hex.ToHexString(data); 
diff --git a/crypto/test/src/tls/test/MockSrpTlsServer.cs b/crypto/test/src/tls/test/MockSrpTlsServer.cs index 725901811..fc643af89 100644 --- a/crypto/test/src/tls/test/MockSrpTlsServer.cs +++ b/crypto/test/src/tls/test/MockSrpTlsServer.cs @@ -93,6 +93,30 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } + protected override TlsCredentialedSigner GetDsaSignerCredentials() { IList clientSigAlgs = m_context.SecurityParameters.ClientSigAlgs; diff --git a/crypto/test/src/tls/test/MockTlsClient.cs b/crypto/test/src/tls/test/MockTlsClient.cs index 62b699590..71ac4d3f4 100644 --- a/crypto/test/src/tls/test/MockTlsClient.cs +++ b/crypto/test/src/tls/test/MockTlsClient.cs @@ -60,6 +60,9 @@ namespace Org.BouncyCastle.Tls.Tests public override IDictionary GetClientExtensions() { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + IDictionary clientExtensions = TlsExtensionsUtilities.EnsureExtensionsInitialised( base.GetClientExtensions()); 
@@ -127,6 +130,14 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } + protected virtual string ToHexString(byte[] data) { return data == null ? "(null)" : Hex.ToHexString(data); diff --git a/crypto/test/src/tls/test/MockTlsServer.cs b/crypto/test/src/tls/test/MockTlsServer.cs index f7c197342..18494df12 100644 --- a/crypto/test/src/tls/test/MockTlsServer.cs +++ b/crypto/test/src/tls/test/MockTlsServer.cs @@ -157,6 +157,30 @@ namespace Org.BouncyCastle.Tls.Tests Console.WriteLine("Server 'tls-unique': " + ToHexString(tlsUnique)); } + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } + protected override TlsCredentialedDecryptor GetRsaEncryptionCredentials() { return TlsTestUtilities.LoadEncryptionCredentials(m_context, diff --git a/crypto/test/src/tls/test/TlsTestClientImpl.cs b/crypto/test/src/tls/test/TlsTestClientImpl.cs index ca5175a73..760dab038 100644 --- a/crypto/test/src/tls/test/TlsTestClientImpl.cs +++ b/crypto/test/src/tls/test/TlsTestClientImpl.cs 
@@ -70,6 +70,9 @@ namespace Org.BouncyCastle.Tls.Tests public override IDictionary GetClientExtensions() { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + IDictionary clientExtensions = base.GetClientExtensions(); if (clientExtensions != null) { @@ -187,6 +190,14 @@ namespace Org.BouncyCastle.Tls.Tests return new MyTlsAuthentication(this, m_context); } + public override void ProcessServerExtensions(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessServerExtensions(serverExtensions); + } + protected virtual Certificate CorruptCertificate(Certificate cert) { CertificateEntry[] certEntryList = cert.GetCertificateEntryList(); diff --git a/crypto/test/src/tls/test/TlsTestServerImpl.cs b/crypto/test/src/tls/test/TlsTestServerImpl.cs index 273de3d31..22e05ffcc 100644 --- a/crypto/test/src/tls/test/TlsTestServerImpl.cs +++ b/crypto/test/src/tls/test/TlsTestServerImpl.cs 
@@ -254,6 +254,30 @@ namespace Org.BouncyCastle.Tls.Tests } } + public override void ProcessClientExtensions(IDictionary clientExtensions) + { + if (m_context.SecurityParameters.ClientRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.ProcessClientExtensions(clientExtensions); + } + + public override IDictionary GetServerExtensions() + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + return base.GetServerExtensions(); + } + + public override void GetServerExtensionsForConnection(IDictionary serverExtensions) + { + if (m_context.SecurityParameters.ServerRandom == null) + throw new TlsFatalAlert(AlertDescription.internal_error); + + base.GetServerExtensionsForConnection(serverExtensions); + } + protected virtual IList GetSupportedSignatureAlgorithms() { if (TlsUtilities.IsTlsV12(m_context) && m_config.serverAuthSigAlg != null) -- cgit 1.4.1