From ec1d928d158d5f5ff41888802707421d5757f4cb Mon Sep 17 00:00:00 2001
From: TLS-Attacker Developer
Date: Thu, 26 Jun 2025 19:12:07 +0000
Subject: [PATCH] Fix DTLS finishWithCloseNotify override issue

Remove automatic setting of finishWithCloseNotify to true when using -version DTLS* parameter. This allows users to control the finishWithCloseNotify setting via configuration file as intended.
---
 .../delegate/ProtocolVersionDelegate.java | 1 -
 .../delegate/ProtocolVersionDelegateTest.java | 43 +++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java
index 569b6c8640..7237698602 100644
--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegate.java
@@ -49,7 +49,6 @@ public void applyDelegate(Config config) {
 th = TransportHandlerType.UDP;
 config.setDefaultLayerConfiguration(StackConfiguration.DTLS);
 config.setWorkflowExecutorType(WorkflowExecutorType.DTLS);
- config.setFinishWithCloseNotify(true);
 config.setIgnoreRetransmittedCssInDtls(true);
 }
 
diff --git a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java
index 50d5603efd..e78d85a1a6 100644
--- a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java
+++ b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ProtocolVersionDelegateTest.java
@@ -91,4 +91,47 @@ public void testNothingSetNothingChanges() {
 delegate.applyDelegate(config);
 assertTrue(EqualsBuilder.reflectionEquals(config, config2, "certificateChainConfig"));
 }
+
+ @Test
+ public void testDTLSDoesNotOverrideFinishWithCloseNotify() {
+ Config config = new Config();
+ // Set finishWithCloseNotify to false explicitly
+ config.setFinishWithCloseNotify(false);
+
+ String[] args = new String[2];
+ args[0] = "-version";
+ args[1] = "DTLS12";
+
+ jcommander.parse(args);
+ delegate.applyDelegate(config);
+
+ // Verify that finishWithCloseNotify remains false and is not overridden
+ assertFalse(config.isFinishWithCloseNotify());
+
+ // Verify other DTLS settings are still applied correctly
+ assertSame(ProtocolVersion.DTLS12, config.getHighestProtocolVersion());
+ assertSame(
+ TransportHandlerType.UDP,
+ config.getDefaultClientConnection().getTransportHandlerType());
+ assertSame(
+ TransportHandlerType.UDP,
+ config.getDefaultServerConnection().getTransportHandlerType());
+ }
+
+ @Test
+ public void testDTLSRespectsTrueFinishWithCloseNotify() {
+ Config config = new Config();
+ // Set finishWithCloseNotify to true explicitly
+ config.setFinishWithCloseNotify(true);
+
+ String[] args = new String[2];
+ args[0] = "-version";
+ args[1] = "DTLS12";
+
+ jcommander.parse(args);
+ delegate.applyDelegate(config);
+
+ // Verify that finishWithCloseNotify remains true
+ assertTrue(config.isFinishWithCloseNotify());
+ }
 }
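Review bot: The unconfigured case is not covered by either new test: both set finishWithCloseNotify on the `Config` before calling `applyDelegate`, so nothing pins what a DTLS run gets when the value was never set, which is the behaviour this commit changes for anyone who relied on `-version DTLS*` alone. `testDTLSRespectsTrueFinishWithCloseNotify` would also have passed with the removed `config.setFinishWithCloseNotify(true);` still in place, so only `testDTLSDoesNotOverrideFinishWithCloseNotify` actually guards the fix. Consider a third test that applies `-version DTLS12` to a fresh `new Config()` and checks `assertEquals(new Config().isFinishWithCloseNotify(), config.isFinishWithCloseNotify());` (assuming `assertEquals` is imported in this test class, which the hunk does not show). Because UDP gives the peer no transport-level teardown, whether a DTLS workflow ends with close_notify now depends entirely on the `Config` default, which this diff does not show; a comment in that test naming the expected default would make the change visible to people running DTLS scans.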