Provide TLS13_MAX_TICKET_LIFETIME #define

TLSv1.3 servers must not indicate a lifetime longer than 7 days and clients must not cache sessions for longer than 7 days. Encode this in a macro internal to tls13_lib.c for now. ok jsing
author: tb <> 2022-10-20 15:23:43 +0000
committer: tb <> 2022-10-20 15:23:43 +0000
commit: 7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f (patch)
tree: d8c360c42421305ea9d673d9a561348cdaa03ecb /src
parent: 2eb5ecc0e85a8e912093ea091e01062b9f248743 (diff)
download: openbsd-7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f.tar.gz
openbsd-7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f.tar.bz2
openbsd-7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 017cc887b8..be8343c7f5 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.72 2022/10/02 16:36:42 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.73 2022/10/20 15:23:43 tb Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -25,6 +25,13 @@
 #include "tls13_internal.h"
 /*
+ * RFC 8446, section 4.6.1. Servers must not indicate a lifetime longer than
+ * 7 days and clients must not cache tickets for longer than 7 days.
+ */
+#define TLS13_MAX_TICKET_LIFETIME       (7 * 24 * 3600)
+/*
 * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set
 * by the server in server random if it is willing to downgrade but supports
 * TLSv1.3
author	tb <>	2022-10-20 15:23:43 +0000
committer	tb <>	2022-10-20 15:23:43 +0000
commit	7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f (patch)
tree	d8c360c42421305ea9d673d9a561348cdaa03ecb /src
parent	2eb5ecc0e85a8e912093ea091e01062b9f248743 (diff)
download	openbsd-7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f.tar.gz openbsd-7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f.tar.bz2 openbsd-7eb2eff3bb0dfb8fb87e37ef0ca182f8109d908f.zip