diff --git a/src/ssl.c b/src/ssl.c index 07434f66ce..bb8959957c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -906,6 +906,9 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl) XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion)); XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion)); + /* dup side now owns encrypt/write ciphers */ + XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers)); + #ifdef HAVE_ONE_TIME_AUTH #ifdef HAVE_POLY1305 if (ssl->auth.setup && ssl->auth.poly1305 != NULL) { @@ -918,9 +921,6 @@ static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl) #endif #endif - /* dup side now owns encrypt/write ciphers */ - XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers)); - #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { /* Copy TLS 1.3 application traffic secrets so the write side can