From 6ff4d53d63811ada4489a3d40eebea2099f8a73b Mon Sep 17 00:00:00 2001
From: Developer
Date: Thu, 26 Jun 2025 19:16:40 +0000
Subject: [PATCH] Fix issue #182: Prevent -version flag from overriding finishWithCloseNotify in DTLS

When using the -version parameter with DTLS protocols, the ProtocolVersionDelegate was unconditionally setting finishWithCloseNotify to true, overriding any value that may have been set via XML configuration files. This fix removes the automatic override, allowing users to control the finishWithCloseNotify setting through their XML configuration files while still using the -version parameter for DTLS protocols.
Changes:
- Removed config.setFinishWithCloseNotify(true) from DTLS configuration in ProtocolVersionDelegate
- Added tests to verify finishWithCloseNotify values are preserved for DTLS versions
- Tests confirm both default (false) and explicitly set values are maintained
---
 .../delegate/ProtocolVersionDelegate.java | 3 +-
 .../delegate/ProtocolVersionDelegateTest.java | 65 +++++++++++++++++++
 2 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java
index 569b6c8640..0cf45b974b 100644
--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java
@@ -49,7 +49,8 @@ public void applyDelegate(Config config) {
 th = TransportHandlerType.UDP;
 config.setDefaultLayerConfiguration(StackConfiguration.DTLS);
 config.setWorkflowExecutorType(WorkflowExecutorType.DTLS);
- config.setFinishWithCloseNotify(true);
+ // Do not override finishWithCloseNotify - respect the configuration value
+ // whether it comes from XML or defaults
 config.setIgnoreRetransmittedCssInDtls(true);
 }
 
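Review bot: The comment that replaces `config.setFinishWithCloseNotify(true);` describes a line that is no longer there and omits the consequence a DTLS user needs to know. A run that passes only `-version DTLS12` now ends with whatever `Config` defaults to, which the test added in this patch asserts is false. Because this branch also switches the transport to UDP, there is no transport-level close, so the peer presumably keeps the association until its own timeout unless a close_notify is sent. I would reword the comment to state the contract, for example `// finishWithCloseNotify is left as configured; DTLS runs that need a closing close_notify must enable it in the config`, and mention the changed default in the `-version` parameter description or the changelog. The body of `applyDelegate` starts and ends outside this hunk, so whether another delegate restores the flag cannot be seen from here.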
diff --git a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java
index 50d5603efd..1ed3983051 100644
--- a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java
+++ b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java
@@ -91,4 +91,69 @@ public void testNothingSetNothingChanges() {
 delegate.applyDelegate(config);
 assertTrue(EqualsBuilder.reflectionEquals(config, config2, "certificateChainConfig"));
 }
+
+ @Test
+ public void testDTLSVersionDoesNotOverrideFinishWithCloseNotify() {
+ // Test that setting DTLS version does not override finishWithCloseNotify setting
+ Config config = new Config();
+
+ // Test with default false value
+ assertFalse(config.isFinishWithCloseNotify());
+
+ String[] args = new String[2];
+ args[0] = "-version";
+ args[1] = "DTLS12";
+ jcommander.parse(args);
+ delegate.applyDelegate(config);
+
+ // Should remain false after applying DTLS version
+ assertFalse(config.isFinishWithCloseNotify());
+ assertSame(ProtocolVersion.DTLS12, config.getHighestProtocolVersion());
+ assertSame(
+ TransportHandlerType.UDP,
+ config.getDefaultClientConnection().getTransportHandlerType());
+ assertSame(
+ TransportHandlerType.UDP,
+ config.getDefaultServerConnection().getTransportHandlerType());
+ }
+
+ @Test
+ public void testDTLSVersionPreservesExplicitFinishWithCloseNotify() {
+ // Test that explicitly set finishWithCloseNotify is preserved
+ Config config = new Config();
+
+ // Explicitly set to true
+ config.setFinishWithCloseNotify(true);
+ assertTrue(config.isFinishWithCloseNotify());
+
+ String[] args = new String[2];
+ args[0] = "-version";
+ args[1] = "DTLS12";
+ jcommander.parse(args);
+ delegate.applyDelegate(config);
+
+ // Should remain true
+ assertTrue(config.isFinishWithCloseNotify());
+ assertSame(ProtocolVersion.DTLS12, config.getHighestProtocolVersion());
+ }
+
+ @Test
+ public void testDTLS10VersionBehavior() {
+ // Test DTLS 1.0 as well
+ Config config = new Config();
+ config.setFinishWithCloseNotify(false);
+
+ String[] args = new String[2];
+ args[0] = "-version";
+ args[1] = "DTLS10";
+ jcommander.parse(args);
+ delegate.applyDelegate(config);
+
+ // Should remain false
+ assertFalse(config.isFinishWithCloseNotify());
+ assertSame(ProtocolVersion.DTLS10, config.getHighestProtocolVersion());
+ assertSame(
+ TransportHandlerType.UDP,
+ config.getDefaultClientConnection().getTransportHandlerType());
+ }
 }
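Review bot: The opening `assertFalse(config.isFinishWithCloseNotify());` in `testDTLSVersionDoesNotOverrideFinishWithCloseNotify` pins the shipped default of `Config` rather than the delegate's behaviour. If that default ever changes, the test fails for a reason unrelated to issue #182. Setting the precondition explicitly with `config.setFinishWithCloseNotify(false);` before `jcommander.parse(args)`, as `testDTLS10VersionBehavior` already does, keeps the test about the delegate. Note also that `testDTLSVersionPreservesExplicitFinishWithCloseNotify` would pass against the pre-fix code, since the old line set the flag to true anyway, so only the two false cases guard the regression. A short comment on that test saying it documents the invariant rather than the fix would avoid a false sense of coverage.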