update documentation related to ticket handling

tlsfuzzer · Jan 16, 2019 · ff1178f · ff1178f
1 parent 8eafa3b
commit ff1178f
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/tlslite/handshakesettings.py b/tlslite/handshakesettings.py
@@ -186,12 +186,17 @@ class HandshakeSettings(object):
         tickets. First entry is the encryption key for new tickets and the
         default decryption key, subsequent entries are the fallback keys
         allowing for key rollover. The keys need to be of size appropriate
-        for a selected cipher in ticketCipher, 32 bytes for 'aes256gcm'.
+        for a selected cipher in ticketCipher, 32 bytes for 'aes256gcm' and
+        'chacha20-poly1305', 16 bytes for 'aes128-gcm'.
+        New keys should be generated regularly and replace old ones. Key use
+        time should generally not be longer than 24h and key life-time should
+        not be longer than 48h.
         Leave empty to disable session ticket support on server side.
 
     :vartype ticketCipher: str
     :ivar ticketCipher: name of the cipher used for encrypting the session
-        tickets. 'aes256gcm' by default
+        tickets. 'aes256gcm' by default, 'aes128gcm' or 'chacha20-poly1305'
+        alternatively.
 
     :vartype ticketLifetime: int
     :ivar ticketLifetime: maximum allowed lifetime of ticket encryption key,