Improve comment and changlog
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b8ca482..1cd2ac5 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -947,12 +947,17 @@
uint32_t obfuscated_ticket_age =
(uint32_t)( now - session->ticket_received );
- /* Workaround for anti replay fail of GnuTLS server.
- *
- * The time unit of ticket age is milliseconds, but current unit is
- * seconds. If the ticket was received at the end of first second and
- * sent in next second, GnuTLS think it is replay attack.
- *
+ /*
+ * The ticket timestamp is in seconds but the ticket age is in
+ * milliseconds. If the ticket was received at the end of a second and
+ * re-used here just at the beginning of the next second, the computed
+ * age `now - session->ticket_received` is equal to 1s thus 1000 ms
+ * while the actual age could be just a few milliseconds or tens of
+ * milliseconds. If the server has more accurate ticket timestamps
+ * (typically timestamps in milliseconds), as part of the processing of
+ * the ClientHello, it may compute a ticket lifetime smaller than the
+ * one computed here and potentially reject the ticket. To avoid that,
+ * remove one second to the ticket age if possible.
*/
if( obfuscated_ticket_age > 0 )
obfuscated_ticket_age -= 1;