TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 034a8b77d1f4fcf00196be559178e65e93cdaeab^! / . / include / mbedtls / mbedtls_config.h
commit034a8b77d1f4fcf00196be559178e65e93cdaeab[log] [tgz]
authorJerry Yu <jerry.h.yu@arm.com>Fri Nov 10 12:20:19 2023 +0800
committerJerry Yu <jerry.h.yu@arm.com>Tue Nov 21 09:58:19 2023 +0800
tree757ce28ed7e78b238a43f7c3d3dfeb80200ce665
parent28e7c554f48a61374793efd25373456a8d36a3a4 [diff] [blame]
Update document of ticket age tolerance

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d137f00..4acac9c 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h

@@ -4099,19 +4099,21 @@
 /**
  * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE
  *
- * Maximum time difference in milliseconds tolerated between the age of a
- * ticket from the server and client point of view.
- * From the client point of view, the age of a ticket is the time difference
- * between the time when the client proposes to the server to use the ticket
- * (time of writing of the Pre-Shared Key Extension including the ticket) and
- * the time the client received the ticket from the server.
- * From the server point of view, the age of a ticket is the time difference
- * between the time when the server receives a proposition from the client
- * to use the ticket and the time when the ticket was created by the server.
- * The server age is expected to be always greater than the client one and
- * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the
- * maximum difference tolerated for the server to accept the ticket.
- * This is not used in TLS 1.2.
+ * Maximum allowd ticket age difference in milliseconds tolerated between
+ * server and client. Default value is 6000. This is not used in TLS 1.2.
+ *
+ * - The client ticket age is the time difference between the time when the
+ *   client proposes to the server to use the ticket and the time the client
+ *   received the ticket from the server.
+ * - The server ticket age is the time difference between the time when the
+ *   server receives a proposition from the client to use the ticket and the
+ *   time when the ticket was created by the server.
+ *
+ * The ages might be different due to accuracy of RTC crypstal. The typical
+ * accuracy of an RTC crystal is ±100 to ±20 parts per million (360 to 72
+ * milliseconds per hour). Default tolerance windows is 6s, thus in the worst
+ * case client and servers must sync up their system time every 6000/360/2~=8
+ * hours.
  *
  */
 //#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000