Merge branch 'main' of gitlab.cryptoworkshop.com:root/bc-java

dghgit · dghgit · commit 98d81fc9ee39 · 2025-12-02T15:08:30.000+11:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java b/tls/src/main/java/org/bouncycastle/tls/TlsClientProtocol.java
@@ -484,22 +484,34 @@ protected void handleHandshakeMessage(short type, HandshakeMessageInput buf)
                 {
                     process13HelloRetryRequest(serverHello);
                     handshakeHash.notifyPRFDetermined();
-                    handshakeHash.sealHashAlgorithms();
+
                     TlsUtils.adjustTranscriptForRetry(handshakeHash);
+
                     buf.updateHash(handshakeHash);
                     this.connection_state = CS_SERVER_HELLO_RETRY_REQUEST;
 
                     send13ClientHelloRetry();
                     this.connection_state = CS_CLIENT_HELLO_RETRY;
+
+                    /*
+                     * PSK binders (if any) when retrying ClientHello currently require handshakeHash buffering
+                     */
+                    handshakeHash.sealHashAlgorithms();
                 }
                 else
                 {
                     processServerHello(serverHello);
                     handshakeHash.notifyPRFDetermined();
+
                     if (TlsUtils.isTLSv13(securityParameters.getNegotiatedVersion()))
                     {
                         handshakeHash.sealHashAlgorithms();
                     }
+                    else
+                    {
+                        // For pre-1.3 wait until ServerHelloDone is received
+                    }
+
                     buf.updateHash(handshakeHash);
                     this.connection_state = CS_SERVER_HELLO;
 
@@ -902,15 +914,15 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
             }
         }
 
-        final int selected_group = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);
+        final int selectedGroup = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);
 
         /*
          * TODO[tls:psk_ke]
          *
          * RFC 8446 4.2.8. Servers [..] MUST NOT send a KeyShareEntry when using the "psk_ke"
          * PskKeyExchangeMode.
          */
-        if (selected_group < 0)
+        if (selectedGroup < 0)
         {
             throw new TlsFatalAlert(AlertDescription.missing_extension,
                 "missing extension response: " + ExtensionType.getText(ExtensionType.key_share));
@@ -925,7 +937,7 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
          * MUST abort the handshake with an "illegal_parameter" alert.
          */
         if (!TlsUtils.isValidKeyShareSelection(server_version, securityParameters.getClientSupportedGroups(),
-            clientAgreements, selected_group))
+            clientAgreements, selectedGroup))
         {
             throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid key_share selected");
         }
@@ -946,7 +958,7 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)
 
         this.clientAgreements = null;
         this.retryCookie = cookie;
-        this.retryGroup = selected_group;
+        this.retryGroup = selectedGroup;
     }
 
     protected void process13ServerHello(ServerHello serverHello, boolean afterHelloRetryRequest)
@@ -1051,8 +1063,8 @@ protected void process13ServerHello(ServerHello serverHello, boolean afterHelloR
 
         TlsSecret sharedSecret = null;
         {
-            KeyShareEntry keyShareEntry = TlsExtensionsUtils.getKeyShareServerHello(extensions);
-            if (null == keyShareEntry)
+            KeyShareEntry serverShare = TlsExtensionsUtils.getKeyShareServerHello(extensions);
+            if (null == serverShare)
             {
                 if (afterHelloRetryRequest
                     || null == pskEarlySecret
@@ -1069,14 +1081,15 @@ protected void process13ServerHello(ServerHello serverHello, boolean afterHelloR
                     throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                 }
 
-                int namedGroup = keyShareEntry.getNamedGroup();
+                int namedGroup = serverShare.getNamedGroup();
+
                 TlsAgreement agreement = (TlsAgreement)clientAgreements.get(Integers.valueOf(namedGroup));
                 if (null == agreement)
                 {
                     throw new TlsFatalAlert(AlertDescription.illegal_parameter);
                 }
 
-                agreement.receivePeerValue(keyShareEntry.getKeyExchange());
+                agreement.receivePeerValue(serverShare.getKeyExchange());
                 sharedSecret = agreement.calculateSecret();
             }
         }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/LoggingDatagramTransport.java b/tls/src/test/java/org/bouncycastle/tls/test/LoggingDatagramTransport.java
@@ -9,6 +9,7 @@
 public class LoggingDatagramTransport
     implements DatagramTransport
 {
+    private static final boolean ENABLE_DUMPS = false;
 
     private static final String HEX_CHARS = "0123456789ABCDEF";
 
@@ -62,6 +63,11 @@ public void close()
     private void dumpDatagram(String verb, byte[] buf, int off, int len)
         throws IOException
     {
+        if (!ENABLE_DUMPS)
+        {
+            return;
+        }
+
         long timestamp = System.currentTimeMillis() - launchTimestamp;
         StringBuffer sb = new StringBuffer("(+" + timestamp + "ms) " + verb + " " + len + " byte datagram:");
         for (int pos = 0; pos < len; ++pos)
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockDTLSClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockDTLSClient.java
@@ -80,7 +80,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("DTLS client negotiated " + serverVersion);
+        System.out.println("DTLS client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockDTLSServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockDTLSServer.java
@@ -64,7 +64,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("DTLS server negotiated " + serverVersion);
+        System.out.println("DTLS server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockPSKDTLSClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockPSKDTLSClient.java
@@ -88,7 +88,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("DTLS-PSK client negotiated " + serverVersion);
+        System.out.println("DTLS-PSK client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockPSKDTLSServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockPSKDTLSServer.java
@@ -66,7 +66,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("DTLS-PSK server negotiated " + serverVersion);
+        System.out.println("DTLS-PSK server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTls13Client.java b/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTls13Client.java
@@ -109,7 +109,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("TLS 1.3 PSK client negotiated " + serverVersion);
+        System.out.println("TLS 1.3 PSK client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTls13Server.java b/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTls13Server.java
@@ -68,7 +68,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("TLS 1.3 PSK server negotiated " + serverVersion);
+        System.out.println("TLS 1.3 PSK server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTlsClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTlsClient.java
@@ -108,7 +108,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("TLS-PSK client negotiated " + serverVersion);
+        System.out.println("TLS-PSK client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTlsServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockPSKTlsServer.java
@@ -65,7 +65,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("TLS-PSK server negotiated " + serverVersion);
+        System.out.println("TLS-PSK server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockSRPTlsClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockSRPTlsClient.java
@@ -96,7 +96,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("TLS-SRP client negotiated " + serverVersion);
+        System.out.println("TLS-SRP client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockSRPTlsServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockSRPTlsServer.java
@@ -87,7 +87,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("TLS-SRP server negotiated " + serverVersion);
+        System.out.println("TLS-SRP server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsClient.java
@@ -98,7 +98,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("TLS client negotiated " + serverVersion);
+        System.out.println("TLS client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsHybridClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsHybridClient.java
@@ -124,7 +124,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("TLS hybrid client negotiated " + serverVersion);
+        System.out.println("TLS hybrid client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsHybridServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsHybridServer.java
@@ -100,7 +100,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("TLS hybrid server negotiated " + serverVersion);
+        System.out.println("TLS hybrid server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemClient.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemClient.java
@@ -124,7 +124,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
     {
         super.notifyServerVersion(serverVersion);
 
-        System.out.println("TLS KEM client negotiated " + serverVersion);
+        System.out.println("TLS KEM client negotiated version " + serverVersion);
     }
 
     public TlsAuthentication getAuthentication() throws IOException
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsKemServer.java
@@ -100,7 +100,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("TLS KEM server negotiated " + serverVersion);
+        System.out.println("TLS KEM server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/MockTlsServer.java b/tls/src/test/java/org/bouncycastle/tls/test/MockTlsServer.java
@@ -81,7 +81,7 @@ public ProtocolVersion getServerVersion() throws IOException
     {
         ProtocolVersion serverVersion = super.getServerVersion();
 
-        System.out.println("TLS server negotiated " + serverVersion);
+        System.out.println("TLS server negotiated version " + serverVersion);
 
         return serverVersion;
     }
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/TlsTestClientImpl.java b/tls/src/test/java/org/bouncycastle/tls/test/TlsTestClientImpl.java
@@ -214,7 +214,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio
 
         if (TlsTestConfig.DEBUG)
         {
-            System.out.println("TLS client negotiated " + serverVersion);
+            System.out.println("TLS client negotiated version " + serverVersion);
         }
     }
 
diff --git a/tls/src/test/java/org/bouncycastle/tls/test/TlsTestServerImpl.java b/tls/src/test/java/org/bouncycastle/tls/test/TlsTestServerImpl.java
@@ -173,7 +173,7 @@ public ProtocolVersion getServerVersion() throws IOException
 
         if (TlsTestConfig.DEBUG)
         {
-            System.out.println("TLS server negotiated " + serverVersion);
+            System.out.println("TLS server negotiated version " + serverVersion);
         }
 
         return serverVersion;

Original file line number	Diff line number	Diff line change
`@@ -484,22 +484,34 @@ protected void handleHandshakeMessage(short type, HandshakeMessageInput buf)`
`484`	`484`	`{`
`485`	`485`	`process13HelloRetryRequest(serverHello);`
`486`	`486`	`handshakeHash.notifyPRFDetermined();`
`487`		`- handshakeHash.sealHashAlgorithms();`
	`487`	`+`
`488`	`488`	`TlsUtils.adjustTranscriptForRetry(handshakeHash);`
	`489`	`+`
`489`	`490`	`buf.updateHash(handshakeHash);`
`490`	`491`	`this.connection_state = CS_SERVER_HELLO_RETRY_REQUEST;`
`491`	`492`
`492`	`493`	`send13ClientHelloRetry();`
`493`	`494`	`this.connection_state = CS_CLIENT_HELLO_RETRY;`
	`495`	`+`
	`496`	`+ /*`
	`497`	`+ * PSK binders (if any) when retrying ClientHello currently require handshakeHash buffering`
	`498`	`+ */`
	`499`	`+ handshakeHash.sealHashAlgorithms();`
`494`	`500`	`}`
`495`	`501`	`else`
`496`	`502`	`{`
`497`	`503`	`processServerHello(serverHello);`
`498`	`504`	`handshakeHash.notifyPRFDetermined();`
	`505`	`+`
`499`	`506`	`if (TlsUtils.isTLSv13(securityParameters.getNegotiatedVersion()))`
`500`	`507`	`{`
`501`	`508`	`handshakeHash.sealHashAlgorithms();`
`502`	`509`	`}`
	`510`	`+ else`
	`511`	`+ {`
	`512`	`+ // For pre-1.3 wait until ServerHelloDone is received`
	`513`	`+ }`
	`514`	`+`
`503`	`515`	`buf.updateHash(handshakeHash);`
`504`	`516`	`this.connection_state = CS_SERVER_HELLO;`
`505`	`517`
`@@ -902,15 +914,15 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`902`	`914`	`}`
`903`	`915`	`}`
`904`	`916`
`905`		`- final int selected_group = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);`
	`917`	`+ final int selectedGroup = TlsExtensionsUtils.getKeyShareHelloRetryRequest(extensions);`
`906`	`918`
`907`	`919`	`/*`
`908`	`920`	`* TODO[tls:psk_ke]`
`909`	`921`	`*`
`910`	`922`	`* RFC 8446 4.2.8. Servers [..] MUST NOT send a KeyShareEntry when using the "psk_ke"`
`911`	`923`	`* PskKeyExchangeMode.`
`912`	`924`	`*/`
`913`		`- if (selected_group < 0)`
	`925`	`+ if (selectedGroup < 0)`
`914`	`926`	`{`
`915`	`927`	`throw new TlsFatalAlert(AlertDescription.missing_extension,`
`916`	`928`	`"missing extension response: " + ExtensionType.getText(ExtensionType.key_share));`
`@@ -925,7 +937,7 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`925`	`937`	`* MUST abort the handshake with an "illegal_parameter" alert.`
`926`	`938`	`*/`
`927`	`939`	`if (!TlsUtils.isValidKeyShareSelection(server_version, securityParameters.getClientSupportedGroups(),`
`928`		`- clientAgreements, selected_group))`
	`940`	`+ clientAgreements, selectedGroup))`
`929`	`941`	`{`
`930`	`942`	`throw new TlsFatalAlert(AlertDescription.illegal_parameter, "invalid key_share selected");`
`931`	`943`	`}`
`@@ -946,7 +958,7 @@ protected void process13HelloRetryRequest(ServerHello helloRetryRequest)`
`946`	`958`
`947`	`959`	`this.clientAgreements = null;`
`948`	`960`	`this.retryCookie = cookie;`
`949`		`- this.retryGroup = selected_group;`
	`961`	`+ this.retryGroup = selectedGroup;`
`950`	`962`	`}`
`951`	`963`
`952`	`964`	`protected void process13ServerHello(ServerHello serverHello, boolean afterHelloRetryRequest)`
`@@ -1051,8 +1063,8 @@ protected void process13ServerHello(ServerHello serverHello, boolean afterHelloR`
`1051`	`1063`
`1052`	`1064`	`TlsSecret sharedSecret = null;`
`1053`	`1065`	`{`
`1054`		`- KeyShareEntry keyShareEntry = TlsExtensionsUtils.getKeyShareServerHello(extensions);`
`1055`		`- if (null == keyShareEntry)`
	`1066`	`+ KeyShareEntry serverShare = TlsExtensionsUtils.getKeyShareServerHello(extensions);`
	`1067`	`+ if (null == serverShare)`
`1056`	`1068`	`{`
`1057`	`1069`	`if (afterHelloRetryRequest`
`1058`	`1070`	`\|\| null == pskEarlySecret`
`@@ -1069,14 +1081,15 @@ protected void process13ServerHello(ServerHello serverHello, boolean afterHelloR`
`1069`	`1081`	`throw new TlsFatalAlert(AlertDescription.illegal_parameter);`
`1070`	`1082`	`}`
`1071`	`1083`
`1072`		`- int namedGroup = keyShareEntry.getNamedGroup();`
	`1084`	`+ int namedGroup = serverShare.getNamedGroup();`
	`1085`	`+`
`1073`	`1086`	`TlsAgreement agreement = (TlsAgreement)clientAgreements.get(Integers.valueOf(namedGroup));`
`1074`	`1087`	`if (null == agreement)`
`1075`	`1088`	`{`
`1076`	`1089`	`throw new TlsFatalAlert(AlertDescription.illegal_parameter);`
`1077`	`1090`	`}`
`1078`	`1091`
`1079`		`- agreement.receivePeerValue(keyShareEntry.getKeyExchange());`
	`1092`	`+ agreement.receivePeerValue(serverShare.getKeyExchange());`
`1080`	`1093`	`sharedSecret = agreement.calculateSecret();`
`1081`	`1094`	`}`
`1082`	`1095`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio`
`80`	`80`	`{`
`81`	`81`	`super.notifyServerVersion(serverVersion);`
`82`	`82`
`83`		`- System.out.println("DTLS client negotiated " + serverVersion);`
	`83`	`+ System.out.println("DTLS client negotiated version " + serverVersion);`
`84`	`84`	`}`
`85`	`85`
`86`	`86`	`public TlsAuthentication getAuthentication() throws IOException`
Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ public ProtocolVersion getServerVersion() throws IOException`
`64`	`64`	`{`
`65`	`65`	`ProtocolVersion serverVersion = super.getServerVersion();`
`66`	`66`
`67`		`- System.out.println("DTLS server negotiated " + serverVersion);`
	`67`	`+ System.out.println("DTLS server negotiated version " + serverVersion);`
`68`	`68`
`69`	`69`	`return serverVersion;`
`70`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio`
`88`	`88`	`{`
`89`	`89`	`super.notifyServerVersion(serverVersion);`
`90`	`90`
`91`		`- System.out.println("DTLS-PSK client negotiated " + serverVersion);`
	`91`	`+ System.out.println("DTLS-PSK client negotiated version " + serverVersion);`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`public TlsAuthentication getAuthentication() throws IOException`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ public ProtocolVersion getServerVersion() throws IOException`
`66`	`66`	`{`
`67`	`67`	`ProtocolVersion serverVersion = super.getServerVersion();`
`68`	`68`
`69`		`- System.out.println("DTLS-PSK server negotiated " + serverVersion);`
	`69`	`+ System.out.println("DTLS-PSK server negotiated version " + serverVersion);`
`70`	`70`
`71`	`71`	`return serverVersion;`
`72`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio`
`109`	`109`	`{`
`110`	`110`	`super.notifyServerVersion(serverVersion);`
`111`	`111`
`112`		`- System.out.println("TLS 1.3 PSK client negotiated " + serverVersion);`
	`112`	`+ System.out.println("TLS 1.3 PSK client negotiated version " + serverVersion);`
`113`	`113`	`}`
`114`	`114`
`115`	`115`	`public TlsAuthentication getAuthentication() throws IOException`
Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ public ProtocolVersion getServerVersion() throws IOException`
`68`	`68`	`{`
`69`	`69`	`ProtocolVersion serverVersion = super.getServerVersion();`
`70`	`70`
`71`		`- System.out.println("TLS 1.3 PSK server negotiated " + serverVersion);`
	`71`	`+ System.out.println("TLS 1.3 PSK server negotiated version " + serverVersion);`
`72`	`72`
`73`	`73`	`return serverVersion;`
`74`	`74`	`}`
Original file line number	Diff line number	Diff line change
`@@ -108,7 +108,7 @@ public void notifyServerVersion(ProtocolVersion serverVersion) throws IOExceptio`
`108`	`108`	`{`
`109`	`109`	`super.notifyServerVersion(serverVersion);`
`110`	`110`
`111`		`- System.out.println("TLS-PSK client negotiated " + serverVersion);`
	`111`	`+ System.out.println("TLS-PSK client negotiated version " + serverVersion);`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`public TlsAuthentication getAuthentication() throws IOException`
Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ public ProtocolVersion getServerVersion() throws IOException`
`65`	`65`	`{`
`66`	`66`	`ProtocolVersion serverVersion = super.getServerVersion();`
`67`	`67`
`68`		`- System.out.println("TLS-PSK server negotiated " + serverVersion);`
	`68`	`+ System.out.println("TLS-PSK server negotiated version " + serverVersion);`
`69`	`69`
`70`	`70`	`return serverVersion;`
`71`	`71`	`}`