Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-Beast

The code is refactored and improved to make it easier to insert the
1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done
in one function clause in ssl:record_split_bin/3

1 files changed, 5 insertions, 4 deletions

diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl
index 5fb0070b91..282d642138 100644
--- a/lib/ssl/src/ssl_record.hrl
+++ b/lib/ssl/src/ssl_record.hrl
@@ -1,7 +1,7 @@
 %%
 %% %CopyrightBegin%
 %%
-%% Copyright Ericsson AB 2007-2010. All Rights Reserved.
+%% Copyright Ericsson AB 2007-2011. All Rights Reserved.
 %%
 %% The contents of this file are subject to the Erlang Public License,
 %% Version 1.1, (the "License"); you may not use this file except in
@@ -70,9 +70,10 @@
 -define(MAX_SEQENCE_NUMBER, 18446744073709552000). %% math:pow(2, 64) - 1 = 1.8446744073709552e19
 %% Sequence numbers can not wrap so when max is about to be reached we should renegotiate.
 %% We will renegotiate a little before so that there will be sequence numbers left
-%% for the rehandshake and a little data. 
--define(MARGIN, 100).
--define(DEFAULT_RENEGOTIATE_AT, ?MAX_SEQENCE_NUMBER - ?MARGIN).
+%% for the rehandshake and a little data. Currently we decided to renegotiate a little more
+%% often as we can have a cheaper test to check if it is time to renegotiate. It will still
+%% be fairly seldom. 
+-define(DEFAULT_RENEGOTIATE_AT, 268435456). %% math:pow(2, 28) 
 
 %% ConnectionEnd
 -define(SERVER, 0).