From 3e7aacd204310cb449338c41a4a54848976ccb95 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Mon, 20 May 2013 15:49:37 +0700
Subject: Init pending epoch immediately after client key exchange received

---
 src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
index f429e201..5a334ad1 100644
--- a/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
+++ b/src/main/java/org/bouncycastle/crypto/tls/DTLSServerProtocol.java
@@ -170,6 +170,8 @@ public class DTLSServerProtocol extends DTLSProtocol {
             throw new TlsFatalAlert(AlertDescription.unexpected_message);
         }
 
+        recordLayer.initPendingEpoch(state.server.getCipher());
+
         /*
          * RFC 5246 7.4.8 This message is only sent following a client certificate that has signing
          * capability (i.e., all certificates except those containing fixed Diffie-Hellman
@@ -186,8 +188,6 @@ public class DTLSServerProtocol extends DTLSProtocol {
             }
         }
 
-        recordLayer.initPendingEpoch(state.server.getCipher());
-
         // NOTE: Calculated exclusive of the actual Finished message from the client
         byte[] clientFinishedHash = handshake.getCurrentHash();
         clientMessage = handshake.receiveMessage();
-- 
cgit v1.2.3