Make cipher used in ssl tickets configurable

commit: a0adc1bbe473644c9a2b5c149a193843d7bbff80 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon May 25 10:35:16 2015 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Mon May 25 10:35:16 2015 +0200
tree: 67aa404349e6c8889337c55e60dca1ce4f7b2e10
parent: 1041a393383092ccc52188a3940e9fe8162e2849 [diff] [blame]
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 42842c5..3612a92 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h

@@ -70,13 +70,20 @@
  * \param ctx       Context to be set up
  * \param f_rng     RNG callback function
  * \param p_rng     RNG callback context
+ * \param cipher    AEAD cipher to use for ticket protection, eg
+ *                  MBEDTLS_CIPHER_AES_256_GCM or MBEDTLS_CIPHER_AES_256_CCM.
  * \param lifetime  Tickets lifetime in seconds
  *
+ * \note            It is highly recommended to select a cipher that is at
+ *                  least as strong as the the strongest ciphersuite
+ *                  supported. Usually that means a 256-bit key.
+ *
  * \return          0 is successful,
  *                  or a specific MBEDTLS_ERR_XXX error code
  */
 int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+    mbedtls_cipher_type_t cipher,
     uint32_t lifetime );
 
 /**
commit	a0adc1bbe473644c9a2b5c149a193843d7bbff80	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon May 25 10:35:16 2015 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Mon May 25 10:35:16 2015 +0200
tree	67aa404349e6c8889337c55e60dca1ce4f7b2e10
parent	1041a393383092ccc52188a3940e9fe8162e2849 [diff] [blame]