From 1987a7c0681f9c307daa4239fdea01963bbd6c28 Mon Sep 17 00:00:00 2001
From: Ronald Cron <ronald.cron@arm.com>
Date: Thu, 14 Mar 2024 19:05:26 +0100
Subject: [PATCH] Document that we do not implement the anti-replay defenses

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
---
 include/mbedtls/ssl.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 39bea79092..3a0800b36d 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -5224,6 +5224,11 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
  *                   same warnings apply to any use of the
  *                   early_exporter_master_secret.
  *
+ *                 Mbed TLS does not implement one of the anti-replay defenses
+ *                 defined in section 8 of the TLS 1.3 specification:
+ *                 single-ticket use or ClientHello recording within a given
+ *                 time window.
+ *
  * \note           This function is used in conjunction with
  *                 mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
  *                 mbedtls_ssl_read() and mbedtls_ssl_write() to read early