From dbeaae6ba4f8b709246d1f67bfb675f4133ffb8f Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Wed, 11 May 2022 19:09:20 +0700
Subject: Improve anon suites

---
 crypto/src/tls/TlsUtilities.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'crypto/src/tls/TlsUtilities.cs')

diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs
index f6e509b7d..72ff92271 100644
--- a/crypto/src/tls/TlsUtilities.cs
+++ b/crypto/src/tls/TlsUtilities.cs
@@ -4799,8 +4799,11 @@ namespace Org.BouncyCastle.Tls
             MemoryStream buf)
         {
             SecurityParameters securityParameters = clientContext.SecurityParameters;
-            if (null != securityParameters.PeerCertificate)
+            if (KeyExchangeAlgorithm.IsAnonymous(securityParameters.KeyExchangeAlgorithm)
+                || null != securityParameters.PeerCertificate)
+            {
                 throw new TlsFatalAlert(AlertDescription.unexpected_message);
+            }
 
             MemoryStream endPointHash = new MemoryStream();
 
-- 
cgit 1.4.1