/*
 * Registers the DTLS downgrade-protection (fallback) test cases.
 *
 * Each case builds a config for a DTLS 1.2 server; clientFallback presumably makes the
 * client signal a fallback retry, and clientOfferVersion lowers what the client offers.
 */
private static void AddFallbackTests(IList testSuite)
{
    // Fallback signalled while offering the server's maximum version: no alert expected.
    TlsTestConfig goodConfig = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
    goodConfig.clientFallback = true;
    testSuite.Add(new TestCaseData(goodConfig).SetName("FallbackGood"));

    /*
     * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
     * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
     * alerts being raised
     */
    //{
    //    // Fallback signalled while offering a lower version than the server supports:
    //    // the server is expected to reject with inappropriate_fallback.
    //    TlsTestConfig badConfig = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
    //    badConfig.clientOfferVersion = ProtocolVersion.DTLSv10;
    //    badConfig.clientFallback = true;
    //    badConfig.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
    //    testSuite.Add(new TestCaseData(badConfig).SetName("FallbackBad"));
    //}

    // Lower offer without the fallback signal: an ordinary (non-fallback) downgrade.
    TlsTestConfig noneConfig = CreateDtlsTestConfig(ProtocolVersion.DTLSv12);
    noneConfig.clientOfferVersion = ProtocolVersion.DTLSv10;
    testSuite.Add(new TestCaseData(noneConfig).SetName("FallbackNone"));
}
/*
 * Registers the TLS downgrade-protection (fallback) test cases against a TLS 1.2 server.
 *
 * clientFallback presumably makes the client signal a fallback retry; clientOfferVersion
 * lowers the version the client offers.
 */
private static void AddFallbackTests(IList testSuite)
{
    // Fallback signalled while still offering TLS 1.2: the server must accept.
    TlsTestConfig goodConfig = CreateTlsTestConfig(ProtocolVersion.TLSv12);
    goodConfig.clientFallback = true;
    testSuite.Add(new TestCaseData(goodConfig).SetName("FallbackGood"));

    // Fallback signalled while offering TLS 1.1 to a TLS 1.2-capable server: the server
    // is expected to abort the handshake with inappropriate_fallback.
    TlsTestConfig badConfig = CreateTlsTestConfig(ProtocolVersion.TLSv12);
    badConfig.clientOfferVersion = ProtocolVersion.TLSv11;
    badConfig.clientFallback = true;
    badConfig.ExpectServerFatalAlert(AlertDescription.inappropriate_fallback);
    testSuite.Add(new TestCaseData(badConfig).SetName("FallbackBad"));

    // Same lower offer but without the fallback signal: a plain negotiation to TLS 1.1.
    TlsTestConfig noneConfig = CreateTlsTestConfig(ProtocolVersion.TLSv12);
    noneConfig.clientOfferVersion = ProtocolVersion.TLSv11;
    testSuite.Add(new TestCaseData(noneConfig).SetName("FallbackNone"));
}
/*
 * Registers the per-version DTLS handshake test cases for the given server version.
 *
 * Test names are prefixed with the version string with spaces, backslashes and dots
 * removed, followed by an underscore.
 */
private static void AddVersionTests(IList testSuite, ProtocolVersion version)
{
    string versionName = version.ToString();
    versionName = versionName.Replace(" ", "");
    versionName = versionName.Replace("\\", "");
    versionName = versionName.Replace(".", "");
    string prefix = versionName + "_";

    /*
     * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
     * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
     * alerts being raised
     */
    //{
    //    TlsTestConfig badVerify = CreateDtlsTestConfig(version);
    //    badVerify.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
    //    badVerify.ExpectServerFatalAlert(AlertDescription.decrypt_error);
    //    testSuite.Add(new TestCaseData(badVerify).SetName(prefix + "BadCertificateVerify"));
    //}
    //{
    //    TlsTestConfig badCert = CreateDtlsTestConfig(version);
    //    badCert.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
    //    badCert.ExpectServerFatalAlert(AlertDescription.bad_certificate);
    //    testSuite.Add(new TestCaseData(badCert).SetName(prefix + "BadClientCertificate"));
    //}
    //{
    //    TlsTestConfig declinedMandatory = CreateDtlsTestConfig(version);
    //    declinedMandatory.clientAuth = C.CLIENT_AUTH_NONE;
    //    declinedMandatory.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
    //    declinedMandatory.ExpectServerFatalAlert(AlertDescription.handshake_failure);
    //    testSuite.Add(new TestCaseData(declinedMandatory).SetName(prefix + "BadMandatoryCertReqDeclined"));
    //}

    // Unmodified configuration: the handshake is expected to succeed.
    TlsTestConfig defaultConfig = CreateDtlsTestConfig(version);
    testSuite.Add(new TestCaseData(defaultConfig).SetName(prefix + "GoodDefault"));

    // Server does not request a client certificate at all.
    TlsTestConfig noCertReq = CreateDtlsTestConfig(version);
    noCertReq.serverCertReq = C.SERVER_CERT_REQ_NONE;
    testSuite.Add(new TestCaseData(noCertReq).SetName(prefix + "GoodNoCertReq"));

    // Server requests a certificate (the default, presumably optional) and the client
    // declines to send one; this must still succeed.
    TlsTestConfig declinedOptional = CreateDtlsTestConfig(version);
    declinedOptional.clientAuth = C.CLIENT_AUTH_NONE;
    testSuite.Add(new TestCaseData(declinedOptional).SetName(prefix + "GoodOptionalCertReqDeclined"));
}
/*
 * Builds the baseline TLS test configuration for a server whose maximum version is
 * 'version'. The client always offers TLS 1.2 and both sides accept down to TLS 1.0,
 * so the negotiated version is driven by the server's maximum.
 */
private static TlsTestConfig CreateTlsTestConfig(ProtocolVersion version)
{
    TlsTestConfig config = new TlsTestConfig();

    // Server side: floor fixed at TLS 1.0, ceiling chosen by the caller.
    config.serverMinimumVersion = ProtocolVersion.TLSv10;
    config.serverMaximumVersion = version;

    // Client side: offers TLS 1.2 regardless of what the server will pick.
    config.clientMinimumVersion = ProtocolVersion.TLSv10;
    config.clientOfferVersion = ProtocolVersion.TLSv12;

    return config;
}
/*
 * Registers the per-version TLS handshake test cases for the given server version.
 *
 * Test names are prefixed with the version string with spaces, backslashes and dots
 * removed, followed by an underscore. The "Bad*" cases each expect a specific fatal
 * alert from the server; the "Good*" cases expect a clean handshake.
 */
private static void AddVersionTests(IList testSuite, ProtocolVersion version)
{
    string versionName = version.ToString();
    versionName = versionName.Replace(" ", "");
    versionName = versionName.Replace("\\", "");
    versionName = versionName.Replace(".", "");
    string prefix = versionName + "_";

    // Unmodified configuration: the handshake is expected to succeed.
    TlsTestConfig defaultConfig = CreateTlsTestConfig(version);
    testSuite.Add(new TestCaseData(defaultConfig).SetName(prefix + "GoodDefault"));

    // Client sends a CertificateVerify that does not verify: server must reject with
    // decrypt_error rather than accept the unauthenticated client.
    TlsTestConfig badVerify = CreateTlsTestConfig(version);
    badVerify.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
    badVerify.ExpectServerFatalAlert(AlertDescription.decrypt_error);
    testSuite.Add(new TestCaseData(badVerify).SetName(prefix + "BadCertificateVerify"));

    // Client presents an invalid certificate: server must reject with bad_certificate.
    TlsTestConfig badCert = CreateTlsTestConfig(version);
    badCert.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
    badCert.ExpectServerFatalAlert(AlertDescription.bad_certificate);
    testSuite.Add(new TestCaseData(badCert).SetName(prefix + "BadClientCertificate"));

    // Server makes client authentication mandatory and the client declines: the server
    // must fail the handshake instead of continuing anonymously.
    TlsTestConfig declinedMandatory = CreateTlsTestConfig(version);
    declinedMandatory.clientAuth = C.CLIENT_AUTH_NONE;
    declinedMandatory.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
    declinedMandatory.ExpectServerFatalAlert(AlertDescription.handshake_failure);
    testSuite.Add(new TestCaseData(declinedMandatory).SetName(prefix + "BadMandatoryCertReqDeclined"));

    // Server does not request a client certificate at all.
    TlsTestConfig noCertReq = CreateTlsTestConfig(version);
    noCertReq.serverCertReq = C.SERVER_CERT_REQ_NONE;
    testSuite.Add(new TestCaseData(noCertReq).SetName(prefix + "GoodNoCertReq"));

    // Server requests a certificate (default, presumably optional) and the client
    // declines; this must still succeed.
    TlsTestConfig declinedOptional = CreateTlsTestConfig(version);
    declinedOptional.clientAuth = C.CLIENT_AUTH_NONE;
    testSuite.Add(new TestCaseData(declinedOptional).SetName(prefix + "GoodOptionalCertReqDeclined"));
}
/*
 * Builds the baseline DTLS test configuration for a server whose maximum version is
 * 'version'. Both sides accept down to DTLS 1.0.
 */
private static TlsTestConfig CreateDtlsTestConfig(ProtocolVersion version)
{
    TlsTestConfig config = new TlsTestConfig();

    // Server side: floor fixed at DTLS 1.0, ceiling chosen by the caller.
    config.serverMinimumVersion = ProtocolVersion.DTLSv10;
    config.serverMaximumVersion = version;

    /*
     * TODO We'd like to just set the offer version to DTLSv12, but there is a known issue with
     * overly-restrictive version checks b/w BC DTLS 1.2 client, BC DTLS 1.0 server
     */
    // Client side: the offer is pinned to the server's maximum (see TODO above).
    config.clientMinimumVersion = ProtocolVersion.DTLSv10;
    config.clientOfferVersion = version;

    return config;
}
// Creates a test server that reads its behaviour from the supplied test configuration.
// The configuration object is stored by reference, not copied.
internal TlsTestServerImpl(TlsTestConfig config)
{
    mConfig = config;
}
// Creates a DTLS client protocol whose behaviour is driven by the supplied test
// configuration. The random source is handed straight to the base protocol.
public DtlsTestClientProtocol(SecureRandom secureRandom, TlsTestConfig config)
    : base(secureRandom)
{
    this.config = config;
}
/*
 * Runs one DTLS client/server handshake in-process over a mock datagram association and
 * asserts that both endpoints observed exactly the fatal alert (or absence of one) that
 * the configuration expects.
 */
public void RunTest(TlsTestConfig config)
{
    // Validate every configured version before any thread is started; CheckDtlsVersion
    // presumably rejects non-DTLS versions.
    CheckDtlsVersion(config.clientMinimumVersion);
    CheckDtlsVersion(config.clientOfferVersion);
    CheckDtlsVersion(config.serverMaximumVersion);
    CheckDtlsVersion(config.serverMinimumVersion);

    // NOTE: a single SecureRandom instance is shared by the client and server protocols.
    // That is acceptable only because both ends live in this test process.
    SecureRandom secureRandom = new SecureRandom();

    DtlsClientProtocol clientProtocol = new DtlsClientProtocol(secureRandom);
    DtlsServerProtocol serverProtocol = new DtlsServerProtocol(secureRandom);

    // 1500 is presumably the datagram size limit of the mock association.
    MockDatagramAssociation network = new MockDatagramAssociation(1500);

    TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
    TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);

    Server server = new Server(this, serverProtocol, network.Server, serverImpl);

    // The server runs on its own thread; it is stopped via server.Shutdown below.
    Thread serverThread = new Thread(new ThreadStart(server.Run));
    serverThread.Start();

    Exception caught = null;
    try
    {
        DatagramTransport clientTransport = network.Client;

        // In DEBUG builds the client transport is wrapped so that its traffic is written
        // to Console.Out; only for diagnosing test failures.
        if (TlsTestConfig.DEBUG)
        {
            clientTransport = new LoggingDatagramTransport(clientTransport, Console.Out);
        }

        DtlsTransport dtlsClient = clientProtocol.Connect(clientImpl, clientTransport);

        // Send ten datagrams of length 1..10, each filled with its own length as the byte value.
        for (int i = 1; i <= 10; ++i)
        {
            byte[] data = new byte[i];
            Arrays.Fill(data, (byte)i);
            dtlsClient.Send(data, 0, data.Length);
        }

        // Drain whatever the server sends back; the loop ends once Receive returns a
        // negative value (presumably the 100ms wait expiring with nothing to read).
        byte[] buf = new byte[dtlsClient.GetReceiveLimit()];
        while (dtlsClient.Receive(buf, 0, buf.Length, 100) >= 0)
        {
        }

        dtlsClient.Close();
    }
    catch (Exception e)
    {
        // Record rather than rethrow so the server thread is still shut down and the
        // alert assertions below still run.
        caught = e;
        LogException(caught);
    }

    server.Shutdown(serverThread);

    // TODO Add checks that the various streams were closed

    // Both sides must report the same fatal alert outcome as the configuration expects.
    Assert.AreEqual(config.expectFatalAlertConnectionEnd, clientImpl.FirstFatalAlertConnectionEnd, "Client fatal alert connection end");
    Assert.AreEqual(config.expectFatalAlertConnectionEnd, serverImpl.FirstFatalAlertConnectionEnd, "Server fatal alert connection end");
    Assert.AreEqual(config.expectFatalAlertDescription, clientImpl.FirstFatalAlertDescription, "Client fatal alert description");
    Assert.AreEqual(config.expectFatalAlertDescription, serverImpl.FirstFatalAlertDescription, "Server fatal alert description");

    // -1 appears to be the sentinel for "no fatal alert expected"; in that case neither
    // endpoint may have thrown.
    if (config.expectFatalAlertConnectionEnd == -1)
    {
        Assert.IsNull(caught, "Unexpected client exception");
        Assert.IsNull(server.mCaught, "Unexpected server exception");
    }
}
// Creates a TLS client protocol over the given stream whose behaviour is driven by the
// supplied test configuration. Stream and random source go straight to the base protocol.
public TlsTestClientProtocol(Stream stream, SecureRandom secureRandom, TlsTestConfig config)
    : base(stream, secureRandom)
{
    this.config = config;
}
// Creates a test client that reads its behaviour from the supplied test configuration.
// The configuration object is stored by reference, not copied.
internal TlsTestClientImpl(TlsTestConfig config)
{
    mConfig = config;
}
/*
 * Runs one TLS client/server handshake in-process over a pair of piped streams, echoes a
 * block of random data through the connection, and asserts that both endpoints observed
 * exactly the fatal alert (or absence of one) that the configuration expects.
 */
public void RunTest(TlsTestConfig config)
{
    // Validate every configured version before any thread is started; CheckTlsVersion
    // presumably rejects non-TLS versions.
    CheckTlsVersion(config.clientMinimumVersion);
    CheckTlsVersion(config.clientOfferVersion);
    CheckTlsVersion(config.serverMaximumVersion);
    CheckTlsVersion(config.serverMinimumVersion);

    // NOTE: a single SecureRandom instance is shared by the client and server protocols
    // (and also used below to generate the echo payload). Acceptable only because both
    // ends live in this test process.
    SecureRandom secureRandom = new SecureRandom();

    // Two cross-connected pipes form the in-memory "network".
    PipedStream clientPipe = new PipedStream();
    PipedStream serverPipe = new PipedStream(clientPipe);

    NetworkStream clientNet = new NetworkStream(clientPipe);
    NetworkStream serverNet = new NetworkStream(serverPipe);

    TlsTestClientProtocol clientProtocol = new TlsTestClientProtocol(clientNet, secureRandom, config);
    TlsTestServerProtocol serverProtocol = new TlsTestServerProtocol(serverNet, secureRandom, config);

    TlsTestClientImpl clientImpl = new TlsTestClientImpl(config);
    TlsTestServerImpl serverImpl = new TlsTestServerImpl(config);

    Server server = new Server(this, serverProtocol, serverImpl);

    // The server runs on its own thread; it is released via server.AllowExit below.
    Thread serverThread = new Thread(new ThreadStart(server.Run));
    serverThread.Start();

    Exception caught = null;
    try
    {
        clientProtocol.Connect(clientImpl);

        // NOTE: Because we write-all before we read-any, this length can't be more than the pipe capacity
        int length = 1000;
        byte[] data = new byte[length];
        secureRandom.NextBytes(data);

        Stream output = clientProtocol.Stream;
        output.Write(data, 0, data.Length);

        // The server is expected to echo the payload back unchanged.
        byte[] echo = new byte[data.Length];
        int count = Streams.ReadFully(clientProtocol.Stream, echo);

        Assert.AreEqual(count, data.Length);
        Assert.IsTrue(Arrays.AreEqual(data, echo));

        output.Close();
    }
    catch (Exception e)
    {
        // Record rather than rethrow so the server thread is still released and the
        // stream-closed and alert assertions below still run.
        caught = e;
        LogException(caught);
    }

    server.AllowExit();
    serverThread.Join();

    // Both underlying streams must have been closed by the protocol layers.
    Assert.IsTrue(clientNet.IsClosed, "Client Stream not closed");
    Assert.IsTrue(serverNet.IsClosed, "Server Stream not closed");

    // Both sides must report the same fatal alert outcome as the configuration expects.
    Assert.AreEqual(config.expectFatalAlertConnectionEnd, clientImpl.FirstFatalAlertConnectionEnd, "Client fatal alert connection end");
    Assert.AreEqual(config.expectFatalAlertConnectionEnd, serverImpl.FirstFatalAlertConnectionEnd, "Server fatal alert connection end");
    Assert.AreEqual(config.expectFatalAlertDescription, clientImpl.FirstFatalAlertDescription, "Client fatal alert description");
    Assert.AreEqual(config.expectFatalAlertDescription, serverImpl.FirstFatalAlertDescription, "Server fatal alert description");

    // -1 appears to be the sentinel for "no fatal alert expected"; in that case neither
    // endpoint may have thrown.
    if (config.expectFatalAlertConnectionEnd == -1)
    {
        Assert.IsNull(caught, "Unexpected client exception");
        Assert.IsNull(server.mCaught, "Unexpected server exception");
    }
}
// Wraps 'config' in a named NUnit test case and appends it to 'testSuite'.
private static void AddTestCase(IList testSuite, TlsTestConfig config, String name)
{
    TestCaseData testCase = new TestCaseData(config);
    testCase.SetName(name);
    testSuite.Add(testCase);
}
/*
 * Registers the per-version DTLS handshake test cases for the given server version.
 *
 * Test names are prefixed with the version string with spaces, backslashes and dots
 * removed, followed by an underscore. The negative ("Bad*") cases are currently compiled
 * out (see the NOTE below); only the "Good*" cases are registered.
 */
private static void AddVersionTests(IList testSuite, ProtocolVersion version)
{
    string versionName = version.ToString();
    versionName = versionName.Replace(" ", "");
    versionName = versionName.Replace("\\", "");
    versionName = versionName.Replace(".", "");
    string prefix = versionName + "_";

    /*
     * NOTE: Temporarily disabled automatic test runs because of problems getting a clean exit
     * of the DTLS server after a fatal alert. As of writing, manual runs show the correct
     * alerts being raised
     */
#if false
    /*
     * Server only declares support for SHA1/RSA, client selects MD5/RSA. Since the client is
     * NOT actually tracking MD5 over the handshake, we expect fatal alert from the client.
     */
    if (TlsUtilities.IsTlsV12(version))
    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientAuth = C.CLIENT_AUTH_VALID;
        c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
        c.serverCertReqSigAlgs = TlsUtilities.GetDefaultRsaSignatureAlgorithms();
        c.ExpectClientFatalAlert(AlertDescription.internal_error);

        AddTestCase(testSuite, c, prefix + "BadCertificateVerifyHashAlg");
    }

    /*
     * Server only declares support for SHA1/ECDSA, client selects SHA1/RSA. Since the client is
     * actually tracking SHA1 over the handshake, we expect fatal alert to come from the server
     * when it verifies the selected algorithm against the CertificateRequest supported
     * algorithms.
     */
    if (TlsUtilities.IsTlsV12(version))
    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientAuth = C.CLIENT_AUTH_VALID;
        c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
        c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
        c.ExpectServerFatalAlert(AlertDescription.illegal_parameter);

        AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlg");
    }

    /*
     * Server only declares support for SHA1/ECDSA, client signs with SHA1/RSA, but sends
     * SHA1/ECDSA in the CertificateVerify. Since the client is actually tracking SHA1 over the
     * handshake, and the claimed algorithm is in the CertificateRequest supported algorithms,
     * we expect fatal alert to come from the server when it finds the claimed algorithm
     * doesn't match the client certificate.
     */
    if (TlsUtilities.IsTlsV12(version))
    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientAuth = C.CLIENT_AUTH_VALID;
        c.clientAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.rsa);
        c.clientAuthSigAlgClaimed = new SignatureAndHashAlgorithm(HashAlgorithm.sha1, SignatureAlgorithm.ecdsa);
        c.serverCertReqSigAlgs = TlsUtilities.GetDefaultECDsaSignatureAlgorithms();
        c.ExpectServerFatalAlert(AlertDescription.decrypt_error);

        AddTestCase(testSuite, c, prefix + "BadCertificateVerifySigAlgMismatch");
    }

    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientAuth = C.CLIENT_AUTH_INVALID_VERIFY;
        c.ExpectServerFatalAlert(AlertDescription.decrypt_error);

        AddTestCase(testSuite, c, prefix + "BadCertificateVerifySignature");
    }

    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientAuth = C.CLIENT_AUTH_INVALID_CERT;
        c.ExpectServerFatalAlert(AlertDescription.bad_certificate);

        AddTestCase(testSuite, c, prefix + "BadClientCertificate");
    }

    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientAuth = C.CLIENT_AUTH_NONE;
        c.serverCertReq = C.SERVER_CERT_REQ_MANDATORY;
        c.ExpectServerFatalAlert(AlertDescription.handshake_failure);

        AddTestCase(testSuite, c, prefix + "BadMandatoryCertReqDeclined");
    }

    /*
     * Server selects MD5/RSA for ServerKeyExchange signature, which is not in the default
     * supported signature algorithms that the client sent. We expect fatal alert from the
     * client when it verifies the selected algorithm against the supported algorithms.
     */
    if (TlsUtilities.IsTlsV12(version))
    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
        c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);

        AddTestCase(testSuite, c, prefix + "BadServerKeyExchangeSigAlg");
    }

    /*
     * Server selects MD5/RSA for ServerKeyExchange signature, which is not the default {sha1,rsa}
     * implied by the absent signature_algorithms extension. We expect fatal alert from the
     * client when it verifies the selected algorithm against the implicit default.
     */
    if (TlsUtilities.IsTlsV12(version))
    {
        TlsTestConfig c = CreateDtlsTestConfig(version);
        c.clientSendSignatureAlgorithms = false;
        c.serverAuthSigAlg = new SignatureAndHashAlgorithm(HashAlgorithm.md5, SignatureAlgorithm.rsa);
        c.ExpectClientFatalAlert(AlertDescription.illegal_parameter);

        AddTestCaseDebug(testSuite, c, prefix + "BadServerKeyExchangeSigAlg2");
    }
#endif

    // Unmodified configuration: the handshake is expected to succeed.
    TlsTestConfig defaultConfig = CreateDtlsTestConfig(version);
    AddTestCase(testSuite, defaultConfig, prefix + "GoodDefault");

    // Server does not request a client certificate at all.
    TlsTestConfig noCertReq = CreateDtlsTestConfig(version);
    noCertReq.serverCertReq = C.SERVER_CERT_REQ_NONE;
    AddTestCase(testSuite, noCertReq, prefix + "GoodNoCertReq");

    // Server requests a certificate (default, presumably optional) and the client
    // declines; this must still succeed.
    TlsTestConfig declinedOptional = CreateDtlsTestConfig(version);
    declinedOptional.clientAuth = C.CLIENT_AUTH_NONE;
    AddTestCase(testSuite, declinedOptional, prefix + "GoodOptionalCertReqDeclined");
}
/*
 * Builds the baseline DTLS test configuration for a server whose maximum version is
 * 'version'. The client always offers DTLS 1.2 and both sides accept down to DTLS 1.0,
 * so the negotiated version is driven by the server's maximum.
 */
private static TlsTestConfig CreateDtlsTestConfig(ProtocolVersion version)
{
    TlsTestConfig config = new TlsTestConfig();

    // Server side: floor fixed at DTLS 1.0, ceiling chosen by the caller.
    config.serverMinimumVersion = ProtocolVersion.DTLSv10;
    config.serverMaximumVersion = version;

    // Client side: offers DTLS 1.2 regardless of what the server will pick.
    config.clientMinimumVersion = ProtocolVersion.DTLSv10;
    config.clientOfferVersion = ProtocolVersion.DTLSv12;

    return config;
}
/*
 * Builds the baseline DTLS test configuration for a server whose maximum version is
 * 'version'. Both sides accept down to DTLS 1.0.
 */
private static TlsTestConfig CreateDtlsTestConfig(ProtocolVersion version)
{
    TlsTestConfig config = new TlsTestConfig();

    // Server side: floor fixed at DTLS 1.0, ceiling chosen by the caller.
    config.serverMinimumVersion = ProtocolVersion.DTLSv10;
    config.serverMaximumVersion = version;

    /*
     * TODO We'd like to just set the offer version to DTLSv12, but there is a known issue with
     * overly-restrictive version checks b/w BC DTLS 1.2 client, BC DTLS 1.0 server
     */
    // Client side: the offer is pinned to the server's maximum (see TODO above).
    config.clientMinimumVersion = ProtocolVersion.DTLSv10;
    config.clientOfferVersion = version;

    return config;
}