Fix for session resumption to ensure use of the right cipher suite. ZD13297

2025-07-30 02:37:28 +02:00 · 2021-12-21 14:52:56 -08:00
parent f1f15f411f
commit a92fb0eb42
1 changed files with 11 additions and 1 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -29404,7 +29404,17 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
            }
        #endif

-            if (ret == 0) {
+            if (ret == 0 && ssl->options.resuming) {
+                /* for resumption use the cipher suite from session */
+                ssl->options.cipherSuite0 = session->cipherSuite0;
+                ssl->options.cipherSuite =  session->cipherSuite;
+                ret = SetCipherSpecs(ssl);
+                if (ret == 0) {
+                    ret = PickHashSigAlgo(ssl, clSuites->hashSigAlgo,
+                                               clSuites->hashSigAlgoSz);
+                }
+            }
+            else if (ret == 0) {
                if (MatchSuite(ssl, clSuites) < 0) {
                    WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
                    ret = UNSUPPORTED_SUITE;