mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2024-12-29 00:17:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Document that we do not implement the anti-replay defenses

Browse Source 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2024-03-14 19:05:26 +01:00
parent d514d9c798
commit 1987a7c068
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
include/mbedtls/ssl.h
View File

@ -5224,6 +5224,11 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
* same warnings apply to any use of the
* early_exporter_master_secret.
*
* Mbed TLS does not implement one of the anti-replay defenses
* defined in section 8 of the TLS 1.3 specification:
* single-ticket use or ClientHello recording within a given
* time window.
*
* \note This function is used in conjunction with
* mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
* mbedtls_ssl_read() and mbedtls_ssl_write() to read early