diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2d805ad8a2..8bc8fd0bc2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1180,9 +1180,6 @@ struct mbedtls_ssl_session { mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ #endif int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - int MBEDTLS_PRIVATE(res_ciphersuite); /*!< resumption ciphersuite */ -#endif size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */ unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 4384706e33..c91980ac18 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1106,8 +1106,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_SSL_SESSION_TICKETS) - if (ssl->handshake->resume && - ssl->session_negotiate->res_ciphersuite != + if (ssl->handshake->ciphersuite_info->id != ssl->session_negotiate->ciphersuite) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Invalid ciphersuite for session ticket psk.")); @@ -1705,8 +1704,7 @@ static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, handshake->ciphersuite_info = ciphersuite_info; #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl->session_negotiate->res_ciphersuite = - ssl->session_negotiate->ciphersuite; + if (handshake->resume == 0) #endif ssl->session_negotiate->ciphersuite = cipher_suite;