diff options
| -rw-r--r-- | src/lib/libssl/tls13_lib.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index 017cc887b8..be8343c7f5 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_lib.c,v 1.72 2022/10/02 16:36:42 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_lib.c,v 1.73 2022/10/20 15:23:43 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> | 4 | * Copyright (c) 2019 Bob Beck <beck@openbsd.org> |
| @@ -25,6 +25,13 @@ | |||
| 25 | #include "tls13_internal.h" | 25 | #include "tls13_internal.h" |
| 26 | 26 | ||
| 27 | /* | 27 | /* |
| 28 | * RFC 8446, section 4.6.1. Servers must not indicate a lifetime longer than | ||
| 29 | * 7 days and clients must not cache tickets for longer than 7 days. | ||
| 30 | */ | ||
| 31 | |||
| 32 | #define TLS13_MAX_TICKET_LIFETIME (7 * 24 * 3600) | ||
| 33 | |||
| 34 | /* | ||
| 28 | * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set | 35 | * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set |
| 29 | * by the server in server random if it is willing to downgrade but supports | 36 | * by the server in server random if it is willing to downgrade but supports |
| 30 | * TLSv1.3 | 37 | * TLSv1.3 |