From db8fc39475cd412796139247f2ebdf8b1c3d3f43 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Tue, 20 Jun 2023 19:20:48 +0700
Subject: Fix renegotiation after resumption handshakes

- see https://github.com/bcgit/bc-java/issues/1430
---
 crypto/src/tls/TlsClientProtocol.cs | 2 +-
 crypto/src/tls/TlsServerProtocol.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs
index d26f60ef1..8e31fa6c8 100644
--- a/crypto/src/tls/TlsClientProtocol.cs
+++ b/crypto/src/tls/TlsClientProtocol.cs
@@ -345,7 +345,7 @@ namespace Org.BouncyCastle.Tls
             if (!IsLegacyConnectionState())
                 throw new TlsFatalAlert(AlertDescription.internal_error);
 
-            if (securityParameters.IsResumedSession)
+            if (securityParameters.IsResumedSession && type != HandshakeType.hello_request)
             {
                 if (type != HandshakeType.finished || m_connectionState != CS_SERVER_HELLO)
                     throw new TlsFatalAlert(AlertDescription.unexpected_message);
diff --git a/crypto/src/tls/TlsServerProtocol.cs b/crypto/src/tls/TlsServerProtocol.cs
index 72c1b2ea5..c7a250042 100644
--- a/crypto/src/tls/TlsServerProtocol.cs
+++ b/crypto/src/tls/TlsServerProtocol.cs
@@ -866,7 +866,7 @@ namespace Org.BouncyCastle.Tls
             if (!IsLegacyConnectionState())
                 throw new TlsFatalAlert(AlertDescription.internal_error);
 
-            if (securityParameters.IsResumedSession)
+            if (securityParameters.IsResumedSession && type != HandshakeType.client_hello)
             {
                 if (type != HandshakeType.finished || m_connectionState != CS_SERVER_FINISHED)
                     throw new TlsFatalAlert(AlertDescription.unexpected_message);
-- 
cgit 1.5.1