From ce6ed7076aade44e355dbf540c520bf68f661f57 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Fri, 22 Jul 2022 21:49:53 +0800
Subject: [PATCH] Change the order of key_exchange determine
Signed-off-by: Jerry Yu
---
 library/ssl_tls13_server.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 28e99d5d6f..10e9bb7b0b 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -775,20 +775,13 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
 * The PSK-based key exchanges may additionally be used with 0-RTT.
 *
 * Our built-in order of preference is
- * 1 ) Plain PSK Mode ( psk )
- * 2 ) (EC)DHE-PSK Mode ( psk_ephemeral )
- * 3 ) Certificate Mode ( ephemeral )
+ * 1 ) (EC)DHE-PSK Mode ( psk_ephemeral )
+ * 2 ) Certificate Mode ( ephemeral )
+ * 3 ) Plain PSK Mode ( psk )
 */
 ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
- if( ssl_tls13_check_psk_key_exchange( ssl ) )
- {
- ssl->handshake->key_exchange_mode =
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
- }
- else
 if( ssl_tls13_check_psk_ephemeral_key_exchange( ssl ) )
 {
 ssl->handshake->key_exchange_mode =
@@ -803,6 +796,13 @@ static int ssl_tls13_determine_key_exchange_mode( mbedtls_ssl_context *ssl )
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: ephemeral" ) );
 }
 else
+ if( ssl_tls13_check_psk_key_exchange( ssl ) )
+ {
+ ssl->handshake->key_exchange_mode =
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "key exchange mode: psk" ) );
+ }
+ else
 {
 MBEDTLS_SSL_DEBUG_MSG( 1,
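Review bot: The "Our built-in order of preference" comment in the first hunk lists the new order but gives no reason for it, and the commit message does not either. Plain PSK is the only one of the three modes that performs no (EC)DHE exchange, so it offers no forward secrecy, which is presumably why it is now the last resort. A line after the list such as `* Plain PSK is tried last because it provides no forward secrecy.` would stop a later reordering from undoing this by accident. The function starts before this hunk, and the if/else chain it edits continues past the hunk's last line into the second hunk.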