Re: [AES-GCM] TLS packet nounce_explicit overflow

And there's no reason for it to do so, because it isn't needed. If you generate one TLS packet every nanosecond, it will take nearly six centuries to overflow, by which time the version of TLS you're using will have been deprecated and all security guarantees are moot anyway.

 

In general, most security experts recommend against keeping a TLS conversation open for years at a time.

 

Michael Wojcik
Distinguished Engineer, Micro Focus

 

 

 

From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Salz, Rich via openssl-users
Sent: Thursday, March 09, 2017 05:49
To: openssl-users@xxxxxxxxxxx
Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow

 

No, it does not do this automatically.

 

    If the nonce_explicit overflows or overlaps, then does openssl code handle it (at least by initiating renegotiation)?

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
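
The point discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: in TLS 1.2 AES-GCM the 12-byte nonce is a 4-byte implicit salt followed by the 8-byte nonce_explicit, so a sender that uses a counter for it can refuse to wrap and rekey instead. The names `nonce_state`, `nonce_next`, `years_to_exhaust` and `count_issued` are hypothetical, and the salt is a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SALT_LEN 4      /* implicit part, from the key block */
#define EXPLICIT_LEN 8  /* nonce_explicit, carried in each record */

typedef struct {        /* hypothetical type, not an OpenSSL structure */
    uint8_t salt[SALT_LEN];
    uint64_t next;      /* next nonce_explicit value */
    int exhausted;      /* set once the last of the 2^64 values is issued */
} nonce_state;

/* Writes salt || big-endian nonce_explicit into out[12]. Returns 1, or 0 when
 * every value has been used and the caller must rekey or close. */
int nonce_next(nonce_state *s, uint8_t *out) {
    if (s->exhausted)
        return 0;
    memcpy(out, s->salt, SALT_LEN);
    for (int i = 0; i < EXPLICIT_LEN; i++)
        out[SALT_LEN + i] = (uint8_t)(s->next >> (56 - 8 * i));
    if (s->next == UINT64_MAX)
        s->exhausted = 1;   /* never wrap back to 0 under the same key */
    else
        s->next++;
    return 1;
}

/* Years needed to issue all 2^64 values at a constant record rate. */
double years_to_exhaust(double records_per_second) {
    return 18446744073709551616.0 / records_per_second / (365.25 * 86400.0);
}

/* Tries `attempts` records from counter `start`; returns how many got a nonce. */
unsigned count_issued(uint64_t start, unsigned attempts) {
    nonce_state s = {{0xde, 0xad, 0xbe, 0xef}, start, 0}; /* constructed salt */
    uint8_t nonce[SALT_LEN + EXPLICIT_LEN];
    unsigned ok = 0;
    while (attempts--)
        ok += (unsigned)nonce_next(&s, nonce);
    return ok;
}

int main(void) {
    printf("issued %u of 3 at the end of the counter\n", count_issued(UINT64_MAX - 1, 3));
    printf("1 record/ns: %.1f years\n", years_to_exhaust(1e9));
    return 0;
}
```

A return of 0 from `nonce_next` is the signal to renegotiate or close the connection, since reusing a nonce under the same GCM key must not happen.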
