mbedtls_ssl_ticket_setup() function

Prepare context to be actually used

Syntax

Show:

Summary

Declaration

Definition

from ssl_ticket.h:124

int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_cipher_type_t cipher, uint32_t lifetime);

Implemented in ssl_ticket.c:214

Arguments

Argument

Description

ctx

Context to be set up

f_rng

RNG callback function (mandatory)

p_rng

RNG callback context

cipher

AEAD cipher to use for ticket protection. Recommended value: MBEDTLS_CIPHER_AES_256_GCM.

lifetime

Tickets lifetime in seconds Recommended value: 86400 (one day).

Return value

0 if successful, or a specific MBEDTLS_ERR_XXX error code

Notes

It is highly recommended to select a cipher that is at least as strong as the strongest ciphersuite supported. Usually that means a 256-bit key. It is recommended to pick a reasonable lifetime so as not to negate the benefits of forward secrecy. The TLS 1.3 specification states that ticket lifetime must be smaller than seven days. If ticket lifetime has been set to a value greater than seven days in this module then if the TLS 1.3 is configured to send tickets after the handshake it will fail the connection when trying to send the first ticket.