mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 18:10:50 +02:00
2da5b24438
The TLS 1.2 client only compared the ServerHello suite against the cached session suite for session-ID resumption; ticket resumption was skipped on the assumption the suite is bound in the ticket. But the ticket is opaque to the client, so it must enforce the match itself - otherwise a server could resume a ticket under a different (weaker) suite the client offered and the downgrade would go undetected (RFC 5246 7.4.1.3). The check is skipped only when the client retained no suite for the session (cipherSuite0/cipherSuite both zero), so there is nothing to compare against - as for EAP-FAST, whose PAC is a TLS ticket whose keys come from the session-secret callback and which never populates the cached suite. (0,0) is TLS_NULL_WITH_NULL_NULL, never negotiated, so it unambiguously means "no retained suite". The EMS check remains ticket-gated. Add memio regression tests: a ticket resumption under a different (retained) suite is rejected with MATCH_SUITE_ERROR, and a resumption whose cached suite was not retained still succeeds.
Before creating any new configure files (.conf) read the CONF_FILES_README.md