Improve documentation about SSL ticket encryption

commit: dc54ff85785a7cc68b00eabbf7e915c6e08869d0 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Jun 25 12:44:46 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Jun 25 12:44:46 2015 +0200
tree: c05e91c792e9877225f625da46ca9739d01f18b5
parent: a25ffc3b0febdfc900a9eabe1ae6eb7ac929f2c2 [diff] [blame]
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index caa8380..abce61e 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h

@@ -87,14 +87,19 @@
  * \param ctx       Context to be set up
  * \param f_rng     RNG callback function
  * \param p_rng     RNG callback context
- * \param cipher    AEAD cipher to use for ticket protection, eg
- *                  MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
+ * \param cipher    AEAD cipher to use for ticket protection.
+ *                  Recommended value: MBEDTLS_CIPHER_AES_256_GCM.
  * \param lifetime  Tickets lifetime in seconds
+ *                  Recommended value: 86400 (one day).
  *
  * \note            It is highly recommended to select a cipher that is at
  *                  least as strong as the the strongest ciphersuite
  *                  supported. Usually that means a 256-bit key.
  *
+ * \note            The lifetime of the keys is twice the lifetime of tickets.
+ *                  It is recommended to pick a reasonnable lifetime so as not
+ *                  to negate the benefits of forward secrecy.
+ *
  * \return          0 if successful,
  *                  or a specific MBEDTLS_ERR_XXX error code
  */
commit	dc54ff85785a7cc68b00eabbf7e915c6e08869d0	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Jun 25 12:44:46 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Jun 25 12:44:46 2015 +0200
tree	c05e91c792e9877225f625da46ca9739d01f18b5
parent	a25ffc3b0febdfc900a9eabe1ae6eb7ac929f2c2 [diff] [blame]