diff --git a/src/dtls.c b/src/dtls.c
index 83b3dd252..c207f33fe 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -75,6 +75,7 @@ void DtlsResetState(WOLFSSL* ssl)
 ssl->options.connectState = CONNECT_BEGIN;
 ssl->options.acceptState = ACCEPT_BEGIN;
 ssl->options.handShakeState = NULL_STATE;
+ ssl->options.seenUnifiedHdr = 0;
 ssl->msgsReceived.got_client_hello = 0;
 ssl->keys.dtls_handshake_number = 0;
 ssl->keys.dtls_expected_peer_handshake_number = 0;
diff --git a/src/dtls13.c b/src/dtls13.c
index 80f8fe21b..d108f2b8a 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -820,10 +820,9 @@ static int Dtls13RtxMsgRecvd(WOLFSSL* ssl, enum HandShakeType hs,
 messages. */
 /* We don't want to clear the buffer until we have done version
 * negotiation in the SH or have received a unified header in the
- * DTLS record (ssl->dtls13Rtx.sendAcks should only be set when that
- * is true). */
+ * DTLS record. */
 if (ssl->options.serverState >= SERVER_HELLO_COMPLETE ||
- ssl->dtls13Rtx.sendAcks)
+ ssl->options.seenUnifiedHdr)
 /* Use 1.2 API to clear 1.2 buffers too */
 DtlsMsgPoolReset(ssl);
 }
@@ -2491,11 +2490,10 @@ int Dtls13RtxTimeout(WOLFSSL* ssl)
 /* We don't want to send acks until we have done version
 * negotiation in the SH or have received a unified header in the
- * DTLS record (ssl->dtls13Rtx.sendAcks should only be set when that
- * is true). */
+ * DTLS record. */
 if (ssl->dtls13Rtx.seenRecords != NULL &&
 (ssl->options.serverState >= SERVER_HELLO_COMPLETE ||
- ssl->dtls13Rtx.sendAcks)) {
+ ssl->options.seenUnifiedHdr)) {
 ssl->dtls13Rtx.sendAcks = 0;
 /* reset fast timeout as we are sending ACKs */
 ssl->dtls13FastTimeout = 0;
diff --git a/src/internal.c b/src/internal.c
index b3a8408b2..5083d6cbb 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -10744,6 +10744,7 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx,
 int ret;
 if (Dtls13IsUnifiedHeader(*(ssl->buffers.inputBuffer.buffer + *inOutIdx))) {
+ ssl->options.seenUnifiedHdr = 1; /* We can send ACKs to the peer */
 /* version 1.3 already negotiated */
 if (ssl->options.tls1_3) {
diff --git a/src/ssl.c b/src/ssl.c
index 589e186a2..1c7c1e131 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12460,14 +12460,15 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
 #ifdef WOLFSSL_DTLS13
 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)
- && ssl->dtls13Rtx.sendAcks == 1) {
- ssl->dtls13Rtx.sendAcks = 0;
+ && ssl->dtls13Rtx.sendAcks == 1
+ && ssl->options.seenUnifiedHdr) {
 /* we aren't negotiated the version yet, so we aren't sure
 * the other end can speak v1.3. On the other side we have
 * received a unified records, assuming that the
 * ServerHello got lost, we will send an empty ACK. In case
 * the server is a DTLS with version less than 1.3, it
 * should just ignore the message */
+ ssl->dtls13Rtx.sendAcks = 0;
 if ((ssl->error = SendDtls13Ack(ssl)) < 0) {
 if (ssl->error == WANT_WRITE)
 ssl->dtls13SendingAckOrRtx = 1;
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e76dfef3d..0e27143eb 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -4610,6 +4610,7 @@ struct Options {
 word16 tls:1; /* using TLS ? */
 word16 tls1_1:1; /* using TLSv1.1+ ? */
 word16 tls1_3:1; /* using TLSv1.3+ ? */
+ word16 seenUnifiedHdr:1; /* received msg with unified header */
 word16 dtls:1; /* using datagrams ? */
 word16 dtlsStateful:1; /* allow stateful processing ? */
 word16 connReset:1; /* has the peer reset */
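Review bot: In the src/internal.c hunk, `ssl->options.seenUnifiedHdr = 1;` is set as soon as the first byte of the input matches the unified-header pattern, before the header is parsed or the record is decrypted and authenticated. The flag stays set until DtlsResetState clears it, and it now gates `DtlsMsgPoolReset(ssl)` in Dtls13RtxMsgRecvd and the ACK paths in Dtls13RtxTimeout and the src/ssl.c hunk, so a datagram that never passes record validation appears to be enough to enable them. Consider setting the flag only once the record has been accepted, or state that the pre-authentication semantics are intended, for example `/* set from header bits only; record not yet authenticated */`. GetDtlsRecordHeader continues outside the hunk, so its parse and error paths are not visible here.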
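Review bot: In the src/ssl.c hunk, `ssl->dtls13Rtx.sendAcks` is now left at 1 whenever `seenUnifiedHdr` is 0, where the old code always cleared it on entering this branch. The src/dtls13.c comments removed by this commit said sendAcks "should only be set when" a unified header had been seen, presumably because that no longer holds, so any other reader of `sendAcks` outside this diff may still send an ACK before the peer is known to speak DTLS 1.3. It is worth auditing those readers for the same `seenUnifiedHdr` check, and adding a line here such as `/* sendAcks stays pending until a unified header is seen */` so the deferred state reads as deliberate. The enclosing function starts and ends outside the hunk.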