From ca850112360e48a3a140f08fa07f02806d61393b Mon Sep 17 00:00:00 2001 From: lloyd Date: Fri, 30 Dec 2011 15:33:58 +0000 Subject: Reset the sequence numbers when we activate a connection state. This meant up until this point, renegotiation never worked. :( --- src/tls/rec_read.cpp | 1 + src/tls/rec_wri.cpp | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/src/tls/rec_read.cpp b/src/tls/rec_read.cpp index 84a96f508..63c08cad5 100644 --- a/src/tls/rec_read.cpp +++ b/src/tls/rec_read.cpp @@ -50,6 +50,7 @@ void Record_Reader::set_keys(const CipherSuite& suite, const SessionKeys& keys, cipher.reset(); delete mac; mac = 0; + seq_no = 0; SymmetricKey mac_key, cipher_key; InitializationVector iv; diff --git a/src/tls/rec_wri.cpp b/src/tls/rec_wri.cpp index 3f6f9b7f1..a0c332c58 100644 --- a/src/tls/rec_wri.cpp +++ b/src/tls/rec_wri.cpp @@ -69,6 +69,14 @@ void Record_Writer::set_keys(const CipherSuite& suite, delete mac; mac = 0; + /* + RFC 4346: + A sequence number is incremented after each record: specifically, + the first record transmitted under a particular connection state + MUST use sequence number 0 + */ + seq_no = 0; + SymmetricKey mac_key, cipher_key; InitializationVector iv; -- cgit v1.2.3