From ac27d6d7ca4251b1db41358dcdf5559ee2cd2079 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 20 Dec 2016 09:30:46 -0800
Subject: [PATCH] DTLS Sequence Number update 1. Set the prevSeq to nextSeq on CCS. 2. Fully clear nextSeq on CCS.
---
 src/internal.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index ca67970df..ec7199374 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9723,10 +9723,13 @@ int ProcessReply(WOLFSSL* ssl)
 #ifdef WOLFSSL_DTLS
 if (ssl->options.dtls) {
 DtlsMsgPoolReset(ssl);
- ssl->keys.nextEpoch++;
- ssl->keys.nextSeq_lo = 0;
+ ssl->keys.prevSeq_lo = ssl->keys.nextSeq_lo;
+ ssl->keys.prevSeq_hi = ssl->keys.nextSeq_hi;
 XMEMCPY(ssl->keys.prevWindow, ssl->keys.window, DTLS_SEQ_SZ);
+ ssl->keys.nextEpoch++;
+ ssl->keys.nextSeq_lo = 0;
+ ssl->keys.nextSeq_hi = 0;
 XMEMSET(ssl->keys.window, 0, DTLS_SEQ_SZ);
 }
 #endif
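Review bot: The `XMEMCPY` and `XMEMSET` calls on `ssl->keys.window` and `ssl->keys.prevWindow` are sized with `DTLS_SEQ_SZ`, a sequence-number length, rather than with the size of the window itself, and the new save/reset sequence still relies on that. The declarations are not visible in the hunk, so this may be correct, but if the window is wider than `DTLS_SEQ_SZ` bytes, the tail of the anti-replay bitmap is neither carried into `prevWindow` nor cleared for the new epoch. Assuming both are array members of the same size, `XMEMCPY(ssl->keys.prevWindow, ssl->keys.window, sizeof(ssl->keys.window));` and `XMEMSET(ssl->keys.window, 0, sizeof(ssl->keys.window));` would remove the dependency. A one-line comment above the block, such as `/* save the old epoch's sequence number and replay window before resetting them for the new epoch */`, would also make the now-significant statement order explicit. `ProcessReply` starts and ends outside the hunk.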