DTLS version guard when setting tls-unique

peterdettman · peterdettman · commit 1c0d3317da76 · 2025-08-05T17:06:49.000+07:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/DTLSClientProtocol.java b/tls/src/main/java/org/bouncycastle/tls/DTLSClientProtocol.java
@@ -152,7 +152,8 @@ protected DTLSTransport clientHandshake(ClientHandshakeState state)
 
             handshake.finish();
 
-            if (securityParameters.isExtendedMasterSecret())
+            if (securityParameters.isExtendedMasterSecret() &&
+                ProtocolVersion.DTLSv12.isEqualOrLaterVersionOf(securityParameters.getNegotiatedVersion()))
             {
                 securityParameters.tlsUnique = securityParameters.getPeerVerifyData();
             }
@@ -380,7 +381,10 @@ protected DTLSTransport clientHandshake(ClientHandshakeState state)
 
         state.tlsSession = TlsUtils.importSession(securityParameters.getSessionID(), state.sessionParameters);
 
-        securityParameters.tlsUnique = securityParameters.getLocalVerifyData();
+        if (ProtocolVersion.DTLSv12.isEqualOrLaterVersionOf(securityParameters.getNegotiatedVersion()))
+        {
+            securityParameters.tlsUnique = securityParameters.getLocalVerifyData();
+        }
 
         clientContext.handshakeComplete(client, state.tlsSession);
 
diff --git a/tls/src/main/java/org/bouncycastle/tls/DTLSServerProtocol.java b/tls/src/main/java/org/bouncycastle/tls/DTLSServerProtocol.java
@@ -161,7 +161,8 @@ protected DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRequest
 
             handshake.finish();
 
-            if (securityParameters.isExtendedMasterSecret())
+            if (securityParameters.isExtendedMasterSecret() &&
+                ProtocolVersion.DTLSv12.isEqualOrLaterVersionOf(securityParameters.getNegotiatedVersion()))
             {
                 securityParameters.tlsUnique = securityParameters.getLocalVerifyData();
             }
@@ -409,7 +410,10 @@ protected DTLSTransport serverHandshake(ServerHandshakeState state, DTLSRequest
 
         state.tlsSession = TlsUtils.importSession(securityParameters.getSessionID(), state.sessionParameters);
 
-        securityParameters.tlsUnique = securityParameters.getPeerVerifyData();
+        if (ProtocolVersion.DTLSv12.isEqualOrLaterVersionOf(securityParameters.getNegotiatedVersion()))
+        {
+            securityParameters.tlsUnique = securityParameters.getPeerVerifyData();
+        }
 
         serverContext.handshakeComplete(server, state.tlsSession);
 
