[openssl-users] renegotiate across exec()

Viktor Dukhovni openssl-users at dukhovni.org
Fri Mar 2 05:44:31 UTC 2018



> On Mar 1, 2018, at 10:39 PM, Felipe Gasper <felipe at felipegasper.com> wrote:
> 
> Hi all,
> 
> 	I’ve got a project where I’m trying to send a Hello Request from the server immediately before an exec(), then renegotiate the SSL connection.
> 
> 	What is the easiest way to send *just* a Hello Request from a server?

You actually have a more severe problem.  The session is already established
and so the renegotiation must happen over an already encrypted channel.  But
there's no API to export the cryptographic state for use in the new executable.

I believe you're out of luck.  I believe that OpenSSL does not support migration
of live connections between address spaces.

-- 
	Viktor.



More information about the openssl-users mailing list