From 6cf85a4bb08e627e17a2f1e8e76831a8261e4c68 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 13 Sep 2022 11:14:42 +0800
Subject: [PATCH] update document abourt maximum ticket_age_tolerance

Signed-off-by: Jerry Yu
---
 include/mbedtls/mbedtls_config.h | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 19efff7d93..679f7eb86b 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1550,9 +1550,21 @@
 //#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 
 /**
- * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
  *
- * Time in seconds of max ticket lifetime. This is not used in TLS 1.2.
+ * Maximum time difference in milliseconds tolerated between the age of a
+ * ticket from the server and client point of view.
+ * From the client point of view, the age of a ticket is the time difference
+ * between the time when the client proposes to the server to use the ticket
+ * (time of writing of the Pre-Shared Key Extension including the ticket) and
+ * the time the client received the ticket from the server.
+ * From the server point of view, the age of a ticket is the time difference
+ * between the time when the server receives a proposition from the client
+ * to use the ticket and the time when the ticket was created by the server.
+ * The server age is expected to be always greater than the client one and
+ * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
+ * maximum difference tolerated for the server to accept the ticket.
+ * This is not used in TLS 1.2.
  *
  */
 #define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000
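Review bot: The new comment says the server-side age is "expected to be always greater than the client one" but does not say what the check does when it is not, for example under clock drift or when the age reported by the client is wrong. Anyone sizing this value needs to know whether the tolerance applies to the absolute difference or only in one direction. The unit is also given only in prose, and the text being replaced spoke of seconds, so I would add ` * The default value of 6000 corresponds to 6 seconds.` next to the definition. This value presumably bounds how long a captured ticket offer stays acceptable to the server, so a line such as ` * A larger value tolerates more clock skew but widens the window in which a replayed ticket offer is accepted.` would state the trade-off for integrators.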