authorPéter Dimitrov <peterdmv@erlang.org>2020-02-12 14:57:04 +0100
committerPéter Dimitrov <peterdmv@erlang.org>2020-02-12 14:57:04 +0100
commitffa98227d95a09cd5aa7f243a4e61088b8283b1d (patch)
tree817b36d37cbc5888d51a5790e4962ed11384cd25 /lib/ssl/src/ssl_internal.hrl
parent4cfd8a4544a6ae1ec37cede3abb786c3d8f321ff (diff)
parentf436592719c5036e254c10aec59ca3de5e42ee54 (diff)
Merge branch 'maint'
* maint: ssl: Remove debug printouts in tls_1_3_record_SUITE ssl: Improve stability of ssl_key_update_SUITE ssl: Make key update atomic in tls sender ssl: Improve openssl test server ssl: Improve ssl_test_lib ssl: Chunk data before sending ssl: Add ssl_key_update_SUITE ssl: Update documentation ssl: Fix function tests ssl: Implement option 'key_update_at' ssl: Implement limits on key usage (TLS 1.3) ssl: Add API function for key update ssl: Implement KeyUpdate ssl: Forget master_secret after handshake completed ssl: Fix handshake timeout handling in TLS 1.3
Diffstat (limited to 'lib/ssl/src/ssl_internal.hrl')
-rw-r--r--lib/ssl/src/ssl_internal.hrl7
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 7ad7378382..a1902b8550 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -109,6 +109,12 @@
-define('24H_in_msec', 86400000).
-define('24H_in_sec', 86400).
+%% https://tools.ietf.org/html/rfc8446#section-5.5
+%% Limits on Key Usage
+%% http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf
+%% Number of records * Record length
+%% 2^24.5 * 2^14 = 2^38.5
+-define(KEY_USAGE_LIMIT_AES_GCM, 388736063997).
%% This map stores all supported options with default values and
%% list of dependencies:
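Review bot: The comment above `KEY_USAGE_LIMIT_AES_GCM` gives the derivation but not the unit of the value or the assumption behind it. 388736063997 is 2^38.5 rounded, a byte count obtained from 2^24.5 records of 2^14 bytes each, and RFC 8446 section 5.5 states the AES-GCM limit in terms of full-size records. The code that compares against this constant is outside the hunk; if it counts bytes only, a connection that writes many short records would encrypt well over 2^24.5 records before a key update is triggered, so it is worth confirming whether a record count should be tracked as well. I would add `%% Value is in bytes and assumes full-size (2^14 byte) records; the bound applies to AES-GCM.` directly above the define.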
@@ -144,6 +150,7 @@
key => {undefined, [versions]},
keyfile => {undefined, [versions,
certfile]},
+ key_update_at => {?KEY_USAGE_LIMIT_AES_GCM, [versions]},
log_level => {notice, [versions]},
max_handshake_size => {?DEFAULT_MAX_HANDSHAKE_SIZE, [versions]},
next_protocol_selector => {undefined, [versions]},
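Review bot: The new `key_update_at` entry takes the AES-GCM bound as its default for every connection, and nothing visible here limits what a caller may set it to. The option's validation clause is outside this hunk; it should reject non-integer and non-positive values, and the documentation should say that a value above `?KEY_USAGE_LIMIT_AES_GCM` gives up the safety margin described in RFC 8446 section 5.5 for AES-GCM suites. Since the entry's only dependency is `[versions]`, a short comment on it such as `%% TLS 1.3 only: key usage limit (bytes) after which a KeyUpdate is triggered` would help readers of the map, provided that wording matches what the sender actually counts.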