author | Péter Dimitrov <peterdmv@erlang.org> | 2020-02-12 14:57:04 +0100 |
---|---|---|
committer | Péter Dimitrov <peterdmv@erlang.org> | 2020-02-12 14:57:04 +0100 |
commit | ffa98227d95a09cd5aa7f243a4e61088b8283b1d (patch) | |
tree | 817b36d37cbc5888d51a5790e4962ed11384cd25 /lib/ssl/src/ssl_internal.hrl | |
parent | 4cfd8a4544a6ae1ec37cede3abb786c3d8f321ff (diff) | |
parent | f436592719c5036e254c10aec59ca3de5e42ee54 (diff) | |
Merge branch 'maint'
* maint:
ssl: Remove debug printouts in tls_1_3_record_SUITE
ssl: Improve stability of ssl_key_update_SUITE
ssl: Make key update atomic in tls sender
ssl: Improve openssl test server
ssl: Improve ssl_test_lib
ssl: Chunk data before sending
ssl: Add ssl_key_update_SUITE
ssl: Update documentation
ssl: Fix function tests
ssl: Implement option 'key_update_at'
ssl: Implement limits on key usage (TLS 1.3)
ssl: Add API function for key update
ssl: Implement KeyUpdate
ssl: Forget master_secret after handshake completed
ssl: Fix handshake timeout handling in TLS 1.3
Diffstat (limited to 'lib/ssl/src/ssl_internal.hrl')
-rw-r--r-- | lib/ssl/src/ssl_internal.hrl | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/ssl/src/ssl_internal.hrl b/lib/ssl/src/ssl_internal.hrl
index 7ad7378382..a1902b8550 100644
--- a/lib/ssl/src/ssl_internal.hrl
+++ b/lib/ssl/src/ssl_internal.hrl
@@ -109,6 +109,12 @@
 -define('24H_in_msec', 86400000).
 -define('24H_in_sec', 86400).
+%% https://tools.ietf.org/html/rfc8446#section-5.5
+%% Limits on Key Usage
+%% http://www.isg.rhul.ac.uk/~kp/TLS-AEbounds.pdf
+%% Number of records * Record length
+%% 2^24.5 * 2^14 = 2^38.5
+-define(KEY_USAGE_LIMIT_AES_GCM, 388736063997).
 %% This map stores all supported options with default values and
 %% list of dependencies:
@@ -144,6 +150,7 @@
 key => {undefined, [versions]},
 keyfile => {undefined, [versions, certfile]},
+key_update_at => {?KEY_USAGE_LIMIT_AES_GCM, [versions]},
 log_level => {notice, [versions]},
 max_handshake_size => {?DEFAULT_MAX_HANDSHAKE_SIZE, [versions]},
 next_protocol_selector => {undefined, [versions]}, |
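Review bot: The comment above `KEY_USAGE_LIMIT_AES_GCM` derives the value as a record count (2^24.5) times the maximum record length (2^14), but it never states the unit of the macro or what quantity is compared against it. RFC 8446 section 5.5 expresses the AES-GCM limit in full-size records, so a byte total is equivalent only when records are full; with many short records the record count, and the per-record tag overhead, grows faster than the payload byte count. The code that counts key usage is outside this hunk, so confirm which quantity it tracks and record it here, for example `%% Unit: bytes protected under one traffic key; assumes full-size records`.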
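Review bot: The new `key_update_at` entry defaults to the AES-GCM figure, and as far as this hunk shows that default applies whichever TLS 1.3 cipher suite is negotiated. RFC 8446 section 5.5 gives usage limits only for AES-GCM and ChaCha20-Poly1305, so for the CCM suites the default is borrowed rather than derived; a comment such as `%% default is the AES-GCM bound, used for all TLS 1.3 suites` would make that explicit. The option is user-settable and its validation is not in this file, so check that it rejects non-positive values, and document that raising it above the default reduces the safety margin cited on the macro. The options map starts and ends outside the hunk.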