Dear team
as per the documnet http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 150 , Its mentioned
The implementation of the nonce_explicit management logic inside the module shall ensure that
when the nonce_explicit part of the IV exhausts the maximum number of possible values for a given
session key (e.g., a 64-bit counter starting from 0 and increasing, when it reaches the maximum value
of 2 64 -1), either party (the client or the server) that encounters this condition triggers a handshake to
establish a new encryption key – see Sections 7.4.1.1 and 7.4.1.2 in RFC 5246.
is this being handled by openssl ? in the source code of openssl i am not able find out the
exact location where this renegotiation is initiated when the counter over flows ?
Thanks in advance
Thanks and regards
Akshar
as per the documnet http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 150 , Its mentioned
The implementation of the nonce_explicit management logic inside the module shall ensure that
when the nonce_explicit part of the IV exhausts the maximum number of possible values for a given
session key (e.g., a 64-bit counter starting from 0 and increasing, when it reaches the maximum value
of 2 64 -1), either party (the client or the server) that encounters this condition triggers a handshake to
establish a new encryption key – see Sections 7.4.1.1 and 7.4.1.2 in RFC 5246.
is this being handled by openssl ? in the source code of openssl i am not able find out the
exact location where this renegotiation is initiated when the counter over flows ?
Thanks in advance
Thanks and regards
Akshar
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
