Files
wolfssl/tests
Juliusz Sosinowicz 2da5b24438 F-5811: enforce resumed cipher suite match for ticket resumption
The TLS 1.2 client only compared the ServerHello suite against the
cached session suite for session-ID resumption; ticket resumption was
skipped on the assumption the suite is bound in the ticket. But the
ticket is opaque to the client, so it must enforce the match itself -
otherwise a server could resume a ticket under a different (weaker)
suite the client offered and the downgrade would go undetected
(RFC 5246 7.4.1.3).

The check is skipped only when the client retained no suite for the
session (cipherSuite0/cipherSuite both zero), so there is nothing to
compare against - as for EAP-FAST, whose PAC is a TLS ticket whose keys
come from the session-secret callback and which never populates the
cached suite. (0,0) is TLS_NULL_WITH_NULL_NULL, never negotiated, so it
unambiguously means "no retained suite". The EMS check remains
ticket-gated.

Add memio regression tests: a ticket resumption under a different
(retained) suite is rejected with MATCH_SUITE_ERROR, and a resumption
whose cached suite was not retained still succeeds.
2026-06-09 13:07:53 +00:00
..
2020-12-17 14:26:49 +01:00
2026-02-18 09:52:21 -07:00
2026-06-04 18:29:24 +10:00
2022-01-31 15:29:25 -05:00
2022-01-31 15:29:25 -05:00
2024-01-16 15:18:05 -08:00
2026-02-25 15:19:13 +01:00
2026-02-25 15:19:13 +01:00
2020-07-20 15:03:48 -07:00
2022-01-31 15:29:25 -05:00
2022-06-01 10:36:01 +10:00
2022-02-23 09:47:34 +01:00
2024-01-16 15:18:05 -08:00
2020-12-17 14:26:49 +01:00
2026-06-05 10:58:44 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00

Before creating any new configure files (.conf) read the CONF_FILES_README.md