From 7a63d39947753476a5c819d09a21e800771bc155 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Thu, 13 Jul 2023 14:42:03 +0700
Subject: (D)TLS: Clean up redundant resumption checks

---
 crypto/src/tls/DtlsClientProtocol.cs |  6 ------
 crypto/src/tls/TlsClientProtocol.cs  | 18 ++----------------
 2 files changed, 2 insertions(+), 22 deletions(-)

diff --git a/crypto/src/tls/DtlsClientProtocol.cs b/crypto/src/tls/DtlsClientProtocol.cs
index 5c5686bbb..88ebbb636 100644
--- a/crypto/src/tls/DtlsClientProtocol.cs
+++ b/crypto/src/tls/DtlsClientProtocol.cs
@@ -995,12 +995,6 @@ namespace Org.BouncyCastle.Tls
 
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != state.sessionParameters.CipherSuite
-                    || !server_version.Equals(state.sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = state.sessionParameters.ReadServerExtensions();
             }
diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index 30ad67fbe..6968e5e55 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -1277,14 +1277,9 @@ namespace Org.BouncyCastle.Tls
 
             var sessionClientExtensions = m_clientExtensions;
             var sessionServerExtensions = serverHelloExtensions;
+
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != m_sessionParameters.CipherSuite
-                    || !server_version.Equals(m_sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = m_sessionParameters.ReadServerExtensions();
             }
@@ -1312,10 +1307,6 @@ namespace Org.BouncyCastle.Tls
                 securityParameters.m_truncatedHmac = TlsExtensionsUtilities.HasTruncatedHmacExtension(
                     sessionServerExtensions);
 
-                /*
-                 * TODO It's surprising that there's no provision to allow a 'fresh' CertificateStatus to be sent in
-                 * a session resumption handshake.
-                 */
                 if (!securityParameters.IsResumedSession)
                 {
                     // TODO[tls13] See RFC 8446 4.4.2.1
@@ -1419,14 +1410,9 @@ namespace Org.BouncyCastle.Tls
 
             var sessionClientExtensions = m_clientExtensions;
             var sessionServerExtensions = m_serverExtensions;
+
             if (securityParameters.IsResumedSession)
             {
-                if (securityParameters.CipherSuite != m_sessionParameters.CipherSuite
-                    || !negotiatedVersion.Equals(m_sessionParameters.NegotiatedVersion))
-                {
-                    throw new TlsFatalAlert(AlertDescription.illegal_parameter);
-                }
-
                 sessionClientExtensions = null;
                 sessionServerExtensions = m_sessionParameters.ReadServerExtensions();
             }
-- 
cgit 1.4.1