Files
wolfssl/tests/api
Juliusz Sosinowicz 2da5b24438 F-5811: enforce resumed cipher suite match for ticket resumption
The TLS 1.2 client only compared the ServerHello suite against the
cached session suite for session-ID resumption; ticket resumption was
skipped on the assumption the suite is bound in the ticket. But the
ticket is opaque to the client, so it must enforce the match itself -
otherwise a server could resume a ticket under a different (weaker)
suite the client offered and the downgrade would go undetected
(RFC 5246 7.4.1.3).

The check is skipped only when the client retained no suite for the
session (cipherSuite0/cipherSuite both zero), so there is nothing to
compare against - as for EAP-FAST, whose PAC is a TLS ticket whose keys
come from the session-secret callback and which never populates the
cached suite. (0,0) is TLS_NULL_WITH_NULL_NULL, never negotiated, so it
unambiguously means "no retained suite". The EMS check remains
ticket-gated.

Add memio regression tests: a ticket resumption under a different
(retained) suite is rejected with MATCH_SUITE_ERROR, and a resumption
whose cached suite was not retained still succeeds.
2026-06-09 13:07:53 +00:00
..
2026-02-18 09:52:21 -07:00
2026-05-12 20:59:29 +00:00
2026-05-12 20:59:29 +00:00
2026-02-18 09:52:21 -07:00
2026-04-15 17:05:32 +10:00
2026-02-18 09:52:21 -07:00
2026-05-13 09:01:20 -06:00
2026-04-15 17:05:32 +10:00
2026-04-15 17:05:32 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-23 11:26:33 +02:00
2026-06-05 11:30:53 +10:00
2026-06-05 11:30:53 +10:00
2026-03-05 08:51:52 -06:00
2026-02-18 09:52:21 -07:00
2026-06-04 18:29:24 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-06-04 18:29:24 +10:00
2026-02-18 09:52:21 -07:00
2026-05-13 11:36:36 -06:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-06-04 18:29:24 +10:00
2026-05-12 20:59:29 +00:00
2026-05-12 20:59:29 +00:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-07 02:33:58 +00:00
2026-05-07 02:33:58 +00:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-06-01 09:57:19 +10:00
2026-06-01 09:57:19 +10:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-04-09 13:09:17 -04:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-07 07:32:51 -05:00
2026-05-07 07:31:25 -05:00
2026-06-04 15:30:39 +09:00
2026-06-04 09:08:24 +09:00
2026-05-12 20:57:31 +00:00
2026-05-12 20:57:31 +00:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-27 18:20:20 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-12 20:59:29 +00:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-02-18 09:52:21 -07:00
2026-05-11 12:09:50 -05:00
2026-02-18 09:52:21 -07:00
2026-06-04 18:29:24 +10:00