[openssl-dev] Input on renegotiation behaviour

Short, Todd tshort at akamai.com
Fri Sep 30 17:31:55 UTC 2016 

+1 for making DTLS behavior like TLS in terms of attempting an abbreviated handshake. (2)
--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Sep 29, 2016, at 4:40 AM, Matt Caswell <matt at openssl.org<mailto:matt at openssl.org>> wrote:



On 28/09/16 21:40, Benjamin Kaduk wrote:
On 09/28/2016 03:27 AM, Matt Caswell wrote:
The current behaviour is not *wrong* either for TLS or DTLS, but the
discrepancy is quite weird and confusing. Should we:

1) Change TLS to behave like it used to, and like DTLS still does

2) Change DTLS to be consistent with the TLS behaviour

3) Keep it as it is and retain the current inconsistency

And if we change things, should we just change it in the current dev
branch - or backport it as a bug fix?

Thoughts?


I don't think any change should be backported --it's potentially
disruptive, and if the behavior (change) has gone unnoticed for so long,
it hardly seems urgent to normalize between DTLS and TLS.

It seems like the abbreviated handshake would save some computational
resources; on the flip side, it would not have the opportunity for a
fresh DH exchange to stir the key material.  If anything, that would
almost suggest a

(4) change DTLS to default to abbreviated handshakes and change TLS to
default to normal handshakes

since the DTLS server could be sending a HelloRequest because it had to
dump state, but the TLS/TCP connection is persistent and the potential
need for key update greater there.

That said, I do prefer consistency between DTLS and TLS, so would lean
towards option (2), myself, for the resource savings.

Thanks Ben. Option 2 still gives the server the opportunity to not
resume the session if it so wishes (and in the scenario we are talking
about the server has initiated this), so perhaps that is the more
flexible route anyway.

Any one else have any thoughts on this?

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160930/a6252b60/attachment-0001.html>

More information about the openssl-dev mailing list