From: tb Date: Thu, 20 Oct 2022 15:23:43 +0000 (+0000) Subject: Provide TLS13_MAX_TICKET_LIFETIME #define X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=cd23280f13c224bf85009012042af20ff73a8376;p=openbsd Provide TLS13_MAX_TICKET_LIFETIME #define TLSv1.3 servers must not indicate a lifetime longer than 7 days and clients must not cache sessions for longer than 7 days. Encode this in a macro internal to tls13_lib.c for now. ok jsing --- diff --git a/lib/libssl/tls13_lib.c b/lib/libssl/tls13_lib.c index 017cc887b80..be8343c7f5e 100644 --- a/lib/libssl/tls13_lib.c +++ b/lib/libssl/tls13_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls13_lib.c,v 1.72 2022/10/02 16:36:42 jsing Exp $ */ +/* $OpenBSD: tls13_lib.c,v 1.73 2022/10/20 15:23:43 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing * Copyright (c) 2019 Bob Beck @@ -24,6 +24,13 @@ #include "ssl_tlsext.h" #include "tls13_internal.h" +/* + * RFC 8446, section 4.6.1. Servers must not indicate a lifetime longer than + * 7 days and clients must not cache tickets for longer than 7 days. + */ + +#define TLS13_MAX_TICKET_LIFETIME (7 * 24 * 3600) + /* * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set * by the server in server random if it is willing to downgrade but supports