From 1cc412daaa874b80b79599bd71c53fc315bb9ac7 Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Wed, 28 Jun 2023 16:29:22 +0700 Subject: Add TlsClient.ShouldUseCompatibilityMode --- crypto/src/tls/AbstractTlsClient.cs | 5 +++++ crypto/src/tls/TlsClient.cs | 3 +++ crypto/src/tls/TlsClientProtocol.cs | 2 +- crypto/src/tls/TlsUtilities.cs | 9 +++++++++ 4 files changed, 18 insertions(+), 1 deletion(-) (limited to 'crypto') diff --git a/crypto/src/tls/AbstractTlsClient.cs b/crypto/src/tls/AbstractTlsClient.cs index af53e9fbf..77f30bb40 100644 --- a/crypto/src/tls/AbstractTlsClient.cs +++ b/crypto/src/tls/AbstractTlsClient.cs @@ -421,6 +421,11 @@ namespace Org.BouncyCastle.Tls return TlsUtilities.VectorOfOne(m_supportedGroups[0]); } + public virtual bool ShouldUseCompatibilityMode() + { + return true; + } + /// public virtual void NotifyServerVersion(ProtocolVersion serverVersion) { diff --git a/crypto/src/tls/TlsClient.cs b/crypto/src/tls/TlsClient.cs index d93799aaf..8615bb3fb 100644 --- a/crypto/src/tls/TlsClient.cs +++ b/crypto/src/tls/TlsClient.cs @@ -41,6 +41,9 @@ namespace Org.BouncyCastle.Tls /// IList GetEarlyKeyShareGroups(); + // TODO[api] + //bool ShouldUseCompatibilityMode(); + /// void NotifyServerVersion(ProtocolVersion selectedVersion); diff --git a/crypto/src/tls/TlsClientProtocol.cs b/crypto/src/tls/TlsClientProtocol.cs index 8e31fa6c8..99d088622 100644 --- a/crypto/src/tls/TlsClientProtocol.cs +++ b/crypto/src/tls/TlsClientProtocol.cs @@ -1694,7 +1694,7 @@ namespace Org.BouncyCastle.Tls * RFC 8446 4.2.1. In compatibility mode [..], this field MUST be non-empty, so a client * not offering a pre-TLS 1.3 session MUST generate a new 32-byte value. */ - if (legacy_session_id.Length < 1) + if (legacy_session_id.Length < 1 && TlsUtilities.ShouldUseCompatibilityMode(m_tlsClient)) { legacy_session_id = m_tlsClientContext.NonceGenerator.GenerateNonce(32); } diff --git a/crypto/src/tls/TlsUtilities.cs b/crypto/src/tls/TlsUtilities.cs index 92102e826..7337e9f52 100644 --- a/crypto/src/tls/TlsUtilities.cs +++ b/crypto/src/tls/TlsUtilities.cs @@ -5739,5 +5739,14 @@ namespace Org.BouncyCastle.Tls abstractTlsPeer.NotifyConnectionClosed(); } } + + // TODO[api] Not needed once ShouldUseCompatibilityMode() has been added to TlsClient + internal static bool ShouldUseCompatibilityMode(TlsClient tlsClient) + { + if (tlsClient is AbstractTlsClient abstractTlsClient) + return abstractTlsClient.ShouldUseCompatibilityMode(); + + return true; + } } } -- cgit 1.4.1