File tree 1 file changed +5
-4
lines changed
1 file changed +5
-4
lines changed Original file line number Diff line number Diff line change @@ -2244,8 +2244,8 @@ obfuscated_ticket_age
22442244 prevents passive observers from correlating sessions unless tickets
22452245 are reused. Note : because ticket lifetimes are restricted to a
22462246 week, 32 bits is enough to represent any plausible age, even in
2247- milliseconds. External tickets should use an obfuscated_ticket_age of
2248- 0.
2247+ milliseconds. External tickets SHOULD use an obfuscated_ticket_age of
2248+ 0; servers MUST ignore this value for external tickets .
22492249
22502250binders
22512251: A series of HMAC values, one for
@@ -2373,8 +2373,9 @@ The "extension_data" field of this extension contains an
23732373 struct {
23742374 } EarlyDataIndication;
23752375
2376- A server MUST validate that the ticket_age for the selected PSK
2377- identity is within a small tolerance of the time since the ticket was
2376+ A server MUST validate that the ticket age for the selected PSK
2377+ identity (computed by un-masking PskIdentity.obfuscated_ticket_age)
2378+ is within a small tolerance of the time since the ticket was
23782379issued (see {{replay-time}}). If it is not, the server SHOULD proceed
23792380with the handshake but reject 0-RTT, and SHOULD NOT take any other action
23802381that assumes that this ClientHello is fresh.
You can’t perform that action at this time.
0 commit comments