[gnutls-devel] GnuTLS | add support for 0-RTT (!775)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 8 17:00:18 CET 2018


I have fixed an issue: the database entries stored by anti-replay were not in the format that `gnutls_db_check_entry_time()` expects.

However, I now have a question about that.  If we store both TLS 1.2 session data and TLS 1.3 anti-replay entries in the same database, how the expiration time should be calculated?  While TLS 1.2 session data can be valid for 7 days, TLS 1.3 anti-replay entries should remain much shorter.

Maybe an idea would be to encode the expiration time in database entry, and make `gnutls_db_check_entry` to check that.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/775#note_115704982
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181108/b099ae0b/attachment.html>


More information about the Gnutls-devel mailing list