Re: Existing connections on certification expires

On 08/28/2017 06:13 AM, Robert Moskowitz wrote:


On 08/28/2017 01:09 AM, mahesh gs wrote:
Hello All,

We are using openssl for providing the secured communication for our application. I have some basic queries about the openssl behaviour.

1) What happens to the existing SSL connections on certification expiry? Does openssl disconnect the existing connection?

Generally speaking:

openssl has nothing to do with an SSL/TLS connection.  It created the certificate; it is not the application using the certificate.

That is commonly a server app (HTTPS, IMAPS, VPN server, etc.) and a client (Web browser, Mail client, VPN client).  Most of these pay no attention to the expiry date.  Some, like IPsec, specify to check the expiry date and set the maximum connection lifetime to less than it.  Of course even there your mileage will vary by how each product author read the specs.

I recall now the IPsec debate on this.  The consensus was that at the time of connection setup, the certificate was valid.  Thus the parties could set whatever connection lifetime they have in their policy.  It was not considered MANDATORY to shorten the lifetime to the certificate expiry date.  This was important, as there are IPsec policies with month-long connection lifetimes.



2) How can I get the list of ciphers supported by openssl 01.01.0f ?

These questions look to be very basic, but I could not find any concrete information regarding the same by googling.

Thanks,
Mahesh G S
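
The two lifetime policies discussed in this thread (cap the connection lifetime at the certificate's expiry, or accept any policy lifetime as long as the certificate was valid at setup) can be sketched as follows. This is an added example, not code from the thread or from OpenSSL; the function names, the `cap_to_expiry` flag and the sample certificate dates are assumptions, and the certificate fields are assumed to be in the format Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ssl
from dataclasses import dataclass


@dataclass
class LifetimeDecision:
    accept: bool          # False if the certificate is not valid at setup time
    deadline: float       # epoch seconds at which the application must close or re-key
    capped_by_cert: bool  # True if certificate expiry, not policy, set the deadline


def connection_deadline(peer_cert, now, policy_lifetime, cap_to_expiry=True):
    """Decide how long a connection set up at `now` may live.

    peer_cert: dict with "notBefore"/"notAfter" as in getpeercert() output.
    policy_lifetime: maximum lifetime from local policy, in seconds.
    cap_to_expiry=False models the IPsec consensus described in the thread:
    the certificate only has to be valid when the connection is set up.
    """
    not_before = ssl.cert_time_to_seconds(peer_cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peer_cert["notAfter"])
    if not (not_before <= now < not_after):
        return LifetimeDecision(False, float(now), True)
    policy_deadline = now + policy_lifetime
    if cap_to_expiry and not_after < policy_deadline:
        return LifetimeDecision(True, float(not_after), True)
    return LifetimeDecision(True, float(policy_deadline), False)


def must_close(decision, now):
    """Called periodically by the application, which enforces the deadline itself."""
    return (not decision.accept) or now >= decision.deadline


# Constructed sample values (not taken from the thread).
SAMPLE_CERT = {
    "notBefore": "Aug 28 00:00:00 2016 GMT",
    "notAfter": "Sep  1 00:00:00 2017 GMT",
}
SETUP_TIME = ssl.cert_time_to_seconds("Aug 28 06:13:00 2017 GMT")
MONTH = 30 * 24 * 3600  # a month-long policy lifetime, in seconds

if __name__ == "__main__":
    for cap in (True, False):
        print(cap, connection_deadline(SAMPLE_CERT, SETUP_TIME, MONTH, cap))
```
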





