From da76ee08770570522aa1540e43f3d2cc6436b243 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Fri, 2 Mar 2018 09:57:07 -0800
Subject: [PATCH] allow import of DTLS sessions with null cipher as the null cipher is allowed with dtls when enabled
---
 src/internal.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index e5ef65961..4c9b1858a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1314,8 +1314,9 @@ int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
 return MATCH_SUITE_ERROR;
 }
- /* do not allow stream ciphers with DTLS */
- if (ssl->specs.cipher_type == stream) {
+ /* do not allow stream ciphers with DTLS, except for NULL cipher */
+ if (ssl->specs.cipher_type == stream &&
+ ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null) {
 WOLFSSL_MSG("Can not import stream ciphers for DTLS");
 return SANITY_CIPHER_E;
 }
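Review bot: The new exception in the `cipher_type == stream` check accepts a NULL-cipher session from the imported buffer unconditionally; nothing visible in the hunk ties it to the "when enabled" condition the commit message relies on. If the suite lookup that returns `MATCH_SUITE_ERROR` just above already rejects NULL suites in builds without `HAVE_NULL_CIPHER` (not visible here, so this is an assumption), state that in the comment, e.g. `/* NULL cipher only reaches here when compiled in (HAVE_NULL_CIPHER); imported session will not encrypt records */`; otherwise wrap the exception in that macro. Because `buf` is externally supplied state and the resulting session carries plaintext records, a `WOLFSSL_MSG("Importing DTLS session with NULL cipher");` on the accepted path would make the downgrade visible in debug logs. The body of `wolfSSL_dtls_import_internal` starts and ends outside the hunk.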