deleteTicket()
testResumeState("WithoutSessionTicket", false)
+ // In TLS 1.3, HelloRetryRequest is sent after incorrect key share.
+ // See https://www.rfc-editor.org/rfc/rfc8446#page-14.
+ if version == VersionTLS13 {
+ deleteTicket()
+ serverConfig = &Config{
+ // Use a different curve than the client to force a HelloRetryRequest.
+ CurvePreferences: []CurveID{CurveP521, CurveP384, CurveP256},
+ MaxVersion: version,
+ Certificates: testConfig.Certificates,
+ }
+ testResumeState("InitialHandshake", false)
+ testResumeState("WithHelloRetryRequest", true)
+
+ // Reset serverConfig back.
+ serverConfig = &Config{
+ MaxVersion: version,
+ CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA},
+ Certificates: testConfig.Certificates,
+ }
+ }
+
// Session resumption should work when using client certificates
deleteTicket()
serverConfig.ClientCAs = rootCAs
transcript := hs.suite.hash.New()
transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))})
transcript.Write(chHash)
- if err := transcriptMsg(hs.serverHello, hs.transcript); err != nil {
+ if err := transcriptMsg(hs.serverHello, transcript); err != nil {
return err
}
helloBytes, err := hs.hello.marshalWithoutBinders()