From 28e7c554f48a61374793efd25373456a8d36a3a4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 10 Nov 2023 12:05:56 +0800 Subject: [PATCH] Change the bottom of tolerance window The unit of ticket time has been changed to milliseconds. And age difference might be negative Signed-off-by: Jerry Yu --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index fb579d58f1..e7800f1dd9 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -234,7 +234,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket( */ client_age = obfuscated_ticket_age - session->ticket_age_add; age_diff = server_age - client_age; - if (age_diff < -1000 || + if (age_diff < -MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE || age_diff > MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) { MBEDTLS_SSL_DEBUG_MSG( 3, ("Ticket age outside tolerance window ( diff = %"