[mod_ssl] enforcing SSL renegotiation for AES-GCM based cipher suites
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: users@xxxxxxxxxxxxxxxx
- Subject: [mod_ssl] enforcing SSL renegotiation for AES-GCM based cipher suites
- From: Akshar Kanak <akshar.kanak1@xxxxxxxxx>
- Date: Mon, 13 Mar 2017 22:44:40 +0530
- Reply-to: users@xxxxxxxxxxxxxxxx
Dear team
In mod_ssl is there any option to enforce SSL renegotiation after certain amount of data has been transfered on SSL connection .
If we are using cipher suite which has AES-GCM as encryption algorithm , then its required that when the counter overlaps or overflows then SSL renegotiation should happen .
In AES-GCM the final counter is
[4 bytes salt which is negotiated between client and serevr ]
+
[8 bytes of random bytes which are generated for the first time using RAND_bytes (nonce_explicit).
It is incremented for each TLS packet]
+
[32 bit counter ]
After 2^64 packets nonce_explicit will overlap or overflow (its practically not possible but theoritically possible ).
Openssl is not handling this case .
Can mod_ssl handle this case ?
Thanks and regards
Akshar
[Index of Archives]
[Open SSH Users]
[Linux ACPI]
[Linux Kernel]
[Linux Laptop]
[Kernel Newbies]
[Security]
[Netfilter]
[Bugtraq]
[Squid]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Samba]
[Video 4 Linux]
[Device Mapper]
