From c7af2c4f8c34b608136cc74d80b09566ed858a44 Mon Sep 17 00:00:00 2001
From: Pengyu Lv
Date: Thu, 1 Dec 2022 16:33:00 +0800
Subject: [PATCH] tls13: send new session ticket only when client supports psk
Signed-off-by: Pengyu Lv
---
 library/ssl_tls13_server.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 5f09c2fde..2d2ad610b 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -2568,10 +2568,14 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl)
 mbedtls_ssl_tls13_handshake_wrapup(ssl);
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
-#else
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+ /* Sent NewSessionTicket message only when client supports PSK */
+ if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+ } else
 #endif
+ {
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+ }
 return 0;
 }
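Review bot: The added comment in `ssl_tls13_handshake_wrapup` claims the ticket is sent "only when client supports PSK", but the hunk does not show what `mbedtls_ssl_tls13_some_psk_enabled(ssl)` actually reads, and the call sits after `mbedtls_ssl_tls13_handshake_wrapup(ssl)`. If the helper consults per-handshake state (presumably the modes the client advertised in psk_key_exchange_modes), it is worth confirming that state is still intact at this point; if it consults only local configuration, the comment overstates the check. Either way the comment should name the source of the decision, for example `/* Send NewSessionTicket only if the client advertised a PSK key exchange mode (RFC 8446, 4.2.9) */` if that is what the helper checks, which also corrects "Sent". The `} else` that carries across `#endif` into an unconditionally compiled block is easy to misread, so tagging the directive as `#endif /* MBEDTLS_SSL_SESSION_TICKETS */` would help. The function begins outside the hunk, so anything set up earlier in it is not visible here.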