diff options
author | Ingela Anderton Andin <[email protected]> | 2011-11-23 14:15:45 +0100 |
---|---|---|
committer | Ingela Anderton Andin <[email protected]> | 2011-11-23 16:22:28 +0100 |
commit | fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804 (patch) | |
tree | 368359b0974cae5b956ce301c83e863b656fe53a /lib/ssl/src/ssl_record.hrl | |
parent | f545894e96d5898285eee8dce812c885cf208fb7 (diff) | |
download | otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.tar.gz otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.tar.bz2 otp-fc668fb3dfbdd72d8f0d4e4af4500f070cdeb804.zip |
Implementation of 1/n-1 splitting countermeasure Rizzo/Duong-Beast
The code is refactored and improved to make it easier to insert the
1/n-1 splitting countermeasure Rizzo/Duong-Beast that is really done
in one function clause in ssl:record_split_bin/3
Diffstat (limited to 'lib/ssl/src/ssl_record.hrl')
-rw-r--r-- | lib/ssl/src/ssl_record.hrl | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/ssl/src/ssl_record.hrl b/lib/ssl/src/ssl_record.hrl index 5fb0070b91..282d642138 100644 --- a/lib/ssl/src/ssl_record.hrl +++ b/lib/ssl/src/ssl_record.hrl @@ -1,7 +1,7 @@ %% %% %CopyrightBegin% %% -%% Copyright Ericsson AB 2007-2010. All Rights Reserved. +%% Copyright Ericsson AB 2007-2011. All Rights Reserved. %% %% The contents of this file are subject to the Erlang Public License, %% Version 1.1, (the "License"); you may not use this file except in @@ -70,9 +70,10 @@ -define(MAX_SEQENCE_NUMBER, 18446744073709552000). %% math:pow(2, 64) - 1 = 1.8446744073709552e19 %% Sequence numbers can not wrap so when max is about to be reached we should renegotiate. %% We will renegotiate a little before so that there will be sequence numbers left -%% for the rehandshake and a little data. --define(MARGIN, 100). --define(DEFAULT_RENEGOTIATE_AT, ?MAX_SEQENCE_NUMBER - ?MARGIN). +%% for the rehandshake and a little data. Currently we decided to renegotiate a little more +%% often as we can have a cheaper test to check if it is time to renegotiate. It will still +%% be fairly seldom. +-define(DEFAULT_RENEGOTIATE_AT, 268435456). %% math:pow(2, 28) %% ConnectionEnd -define(SERVER, 0). |