Add client-side validation to check if session ticket lifetime
hints exceeds 7 days in TLS1.3 connections and caps it to the
maximum value of 7 days(604800 seconds).
Modified `CHANGES.md` with the description of updated change.
Resolves: #30808
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Thu Jun 18 12:25:33 2026
(Merged from https://github.com/openssl/openssl/pull/31174)
*Dimitri John Ledkov*
+ * Add client-side validation for TLS 1.3 session ticket lifetimes.
+
+ In accordance with [RFC 8446 Section 4.6.1](https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.1),
+ TLS 1.3 clients must not cache session tickets
+ for longer than 7 days (604800 seconds).
+ When processing a new session ticket message with a
+ `ticket_lifetime_hint` value greater than 7 days,
+ the client now caps the lifetime to the
+ maximum permitted value of 7 days (604800 seconds).
+
+ *Abel Thomas*
+
### Changes between 3.6 and 4.0.0 [14 Apr 2026]
* Added `-expected-rpks` option to the `openssl s_client`
if (SSL_CONNECTION_IS_TLS13(s)) {
PACKET extpkt;
+ /*
+ * Fulfilling RFC8446:4.6.1 requirement: Clients MUST NOT cache
+ * tickets for longer than 7 days.
+ */
+ if (ticket_lifetime_hint > 604800) {
+ ticket_lifetime_hint = 604800;
+ }
+
if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
|| PACKET_remaining(pkt) != 0) {
SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_LENGTH_MISMATCH);
projects / thirdparty / openssl.git / commitdiff
