From dd137c67a464cddca45424c954a908ddd73e14fe Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Sat, 27 Sep 2014 11:00:41 +0700
Subject: Update comments now that encrypt-then-MAC is out of draft (RFC 7366)

---
 crypto/src/crypto/tls/AbstractTlsServer.cs | 7 ++++---
 crypto/src/crypto/tls/ExtensionType.cs     | 8 ++++----
 crypto/src/crypto/tls/TlsClientProtocol.cs | 7 ++++---
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/crypto/src/crypto/tls/AbstractTlsServer.cs b/crypto/src/crypto/tls/AbstractTlsServer.cs
index 08bb289cf..c2c6fd57c 100644
--- a/crypto/src/crypto/tls/AbstractTlsServer.cs
+++ b/crypto/src/crypto/tls/AbstractTlsServer.cs
@@ -223,9 +223,10 @@ namespace Org.BouncyCastle.Crypto.Tls
             if (this.mEncryptThenMacOffered && AllowEncryptThenMac)
             {
                 /*
-                 * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
-                 * request extension from a client and then selects a stream or AEAD cipher suite, it
-                 * MUST NOT send an encrypt-then-MAC response extension back to the client.
+                 * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+                 * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+                 * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+                 * client.
                  */
                 if (TlsUtilities.IsBlockCipherSuite(this.mSelectedCipherSuite))
                 {
diff --git a/crypto/src/crypto/tls/ExtensionType.cs b/crypto/src/crypto/tls/ExtensionType.cs
index f5c2523f3..3d00509af 100644
--- a/crypto/src/crypto/tls/ExtensionType.cs
+++ b/crypto/src/crypto/tls/ExtensionType.cs
@@ -44,14 +44,14 @@ namespace Org.BouncyCastle.Crypto.Tls
         public const int heartbeat = 15;
 
         /*
-         * RFC 5077 7.
+         * RFC 7366
          */
-        public const int session_ticket = 35;
+        public const int encrypt_then_mac = 22;
 
         /*
-         * draft-ietf-tls-encrypt-then-mac-03
+         * RFC 5077 7.
          */
-        public const int encrypt_then_mac = 22;
+        public const int session_ticket = 35;
 
         /*
          * draft-ietf-tls-session-hash-01
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs
index 54a68c4ff..9fe50add8 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -747,9 +747,10 @@ namespace Org.BouncyCastle.Crypto.Tls
             if (sessionServerExtensions != null)
             {
                 /*
-                 * draft-ietf-tls-encrypt-then-mac-03 3. If a server receives an encrypt-then-MAC
-                 * request extension from a client and then selects a stream or AEAD cipher suite, it
-                 * MUST NOT Send an encrypt-then-MAC response extension back to the client.
+                 * RFC 7366 3. If a server receives an encrypt-then-MAC request extension from a client
+                 * and then selects a stream or Authenticated Encryption with Associated Data (AEAD)
+                 * ciphersuite, it MUST NOT send an encrypt-then-MAC response extension back to the
+                 * client.
                  */
                 bool serverSentEncryptThenMAC = TlsExtensionsUtilities.HasEncryptThenMacExtension(sessionServerExtensions);
                 if (serverSentEncryptThenMAC && !TlsUtilities.IsBlockCipherSuite(selectedCipherSuite))
-- 
cgit 1.4.1