From 4f72d35badbc0694805bc9ed0c84af34bc6db709 Mon Sep 17 00:00:00 2001
From: Peter Dettman
Date: Mon, 16 Oct 2017 19:38:16 +0700
Subject: TLS: always send CCS immediately before FINISHED message
---
 crypto/src/crypto/tls/TlsClientProtocol.cs | 3 +--
 crypto/src/crypto/tls/TlsServerProtocol.cs | 7 +------
 2 files changed, 2 insertions(+), 8 deletions(-)
(limited to 'crypto/src')
diff --git a/crypto/src/crypto/tls/TlsClientProtocol.cs b/crypto/src/crypto/tls/TlsClientProtocol.cs
index 0ea84c05c..8de76c2f8 100644
--- a/crypto/src/crypto/tls/TlsClientProtocol.cs
+++ b/crypto/src/crypto/tls/TlsClientProtocol.cs
@@ -145,6 +145,7 @@ namespace Org.BouncyCastle.Crypto.Tls
 ProcessFinishedMessage(buf);
 this.mConnectionState = CS_SERVER_FINISHED;
+ SendChangeCipherSpecMessage();
 SendFinishedMessage();
 this.mConnectionState = CS_CLIENT_FINISHED;
@@ -266,8 +267,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 {
 this.mSecurityParameters.masterSecret = Arrays.Clone(this.mSessionParameters.MasterSecret);
 this.mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
-
- SendChangeCipherSpecMessage();
 }
 else
 {
diff --git a/crypto/src/crypto/tls/TlsServerProtocol.cs b/crypto/src/crypto/tls/TlsServerProtocol.cs
index c2bfbcb74..f5285d80b 100644
--- a/crypto/src/crypto/tls/TlsServerProtocol.cs
+++ b/crypto/src/crypto/tls/TlsServerProtocol.cs
@@ -359,10 +359,10 @@ namespace Org.BouncyCastle.Crypto.Tls
 if (this.mExpectSessionTicket)
 {
 SendNewSessionTicketMessage(mTlsServer.GetNewSessionTicket());
- SendChangeCipherSpecMessage();
 }
 this.mConnectionState = CS_SERVER_SESSION_TICKET;
+ SendChangeCipherSpecMessage();
 SendFinishedMessage();
 this.mConnectionState = CS_SERVER_FINISHED;
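Review bot: The adjacency of `SendChangeCipherSpecMessage();` and `SendFinishedMessage();` at the added line in TlsClientProtocol.cs is a protocol ordering requirement, but nothing in the code states it. The CCS call used to sit in a separate method (removed in the next hunk), so a later edit could separate the two calls again without anyone noticing. I would add a comment above the added line, e.g. `// ChangeCipherSpec must be the record sent immediately before Finished (RFC 5246, 7.1); keep these two calls adjacent.` The same pairing is introduced in the first TlsServerProtocol.cs hunk and deserves the same comment. The enclosing method starts and ends outside this hunk.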
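Review bot: The added `SendChangeCipherSpecMessage();` in TlsServerProtocol.cs now runs unconditionally after the session-ticket branch, so it depends on the pending connection state having been installed earlier. The only server-side `SetPendingConnectionState` call visible in this patch is in the last hunk, in what appears to be a different method. That precondition is not stated at the call site; a comment such as `// Requires SetPendingConnectionState to have run; CCS activates the pending write state.` would document it, with the wording hedged until the record stream's behaviour is confirmed. It is also worth confirming that the record stream rejects a CCS when no pending state exists, since that code is not shown here. The enclosing method starts and ends outside this hunk.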
@@ -647,11 +647,6 @@ namespace Org.BouncyCastle.Crypto.Tls
 }
 mRecordStream.SetPendingConnectionState(Peer.GetCompression(), Peer.GetCipher());
-
- if (!mExpectSessionTicket)
- {
- SendChangeCipherSpecMessage();
- }
 }
 protected virtual void SendCertificateRequestMessage(CertificateRequest certificateRequest)
-- cgit 1.4.1