Add clarification to the TLS renegotiation period

Expanded details on use of mbedtls_ssl_conf_renegotiation_period()
This commit is contained in:
Simon Butcher 2017-02-03 00:21:28 +00:00
parent 1d4db5b7b5
commit ee75b9b417

View File

@ -2194,8 +2194,14 @@ void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_
* Lower values can be used to enforce policies such as "keys * Lower values can be used to enforce policies such as "keys
* must be refreshed every N packets with cipher X". * must be refreshed every N packets with cipher X".
* *
* \note When the transport is set to MBEDTLS_SSL_TRANSPORT_DATAGRAM, * The renegotiation period can be disabled by setting
* the maximum renegotiation period is 2^48 - 1. * conf->disable_renegotiation to
* MBEDTLS_SSL_RENEGOTIATION_DISABLED.
*
* \note When the configured transport is
* MBEDTLS_SSL_TRANSPORT_DATAGRAM the maximum renegotiation
* period is 2^48 - 1, and for MBEDTLS_SSL_TRANSPORT_STREAM,
* the maximum renegotiation period is 2^64 - 1.
* *
* \param conf SSL configuration * \param conf SSL configuration
* \param period The threshold value: a big-endian 64-bit number. * \param period The threshold value: a big-endian 64-bit number.