tls13: srv: Fail connection if ticket lifetime exceed 7 days
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index a1e70d4..2ee1400 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -111,6 +111,13 @@
* \note It is recommended to pick a reasonable lifetime so as not
* to negate the benefits of forward secrecy.
*
+ * \note The TLS 1.3 specification states that ticket lifetime must
+ * be smaller than seven days. If ticket lifetime has been
+ * set to a value greater than seven days in this module then
+ * if the TLS 1.3 is configured to send tickets after the
+ * handshake it will fail the connection when trying to send
+ * the first ticket.
+ *
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/
@@ -147,6 +154,13 @@
* \note It is recommended to pick a reasonable lifetime so as not
* to negate the benefits of forward secrecy.
*
+ * \note The TLS 1.3 specification states that ticket lifetime must
+ * be smaller than seven days. If ticket lifetime has been
+ * set to a value greater than seven days in this module then
+ * if the TLS 1.3 is configured to send tickets after the
+ * handshake it will fail the connection when trying to send
+ * the first ticket.
+ *
* \return 0 if successful,
* or a specific MBEDTLS_ERR_XXX error code
*/