tls13: send new session ticket only when client supports psk

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-12-01 16:33:00 +08:00 · 2022-12-01 16:33:00 +08:00 · c7af2c4f8c
commit c7af2c4f8c
parent c55eeb682d
1 changed files with 7 additions and 3 deletions
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -2568,10 +2568,14 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
    mbedtls_ssl_tls13_handshake_wrapup(ssl);

 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
-#else
-    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+    /* Sent NewSessionTicket message only when client supports PSK */
+    if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+    } else
 #endif
+    {
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+    }
    return 0;
 }