[openssl-dev] [RFC 0/4] Kernel TLS socket API
Kurt Roeckx
kurt at roeckx.be
Thu Jun 8 16:26:35 UTC 2017
On Thu, Jun 08, 2017 at 10:43:15AM +0200, Hannes Frederic Sowa wrote:
>
> we have discussed this in the past on netdev at vger.kernel.org but I just
> want to point out here again, that renewing the symmetric crypto keys is
> not supported in the kernel part (for the time being).
>
> So in case the application depends on renegotiation (TLS1.2, which is
> the only version supported right now by the kernel AFAIK) as well as key
> updates in TLS1.3 won't work.

It might be useful to be able to transfer the state in both
directions, so that those things are possible.

> Because this feature is not transparent yet, I think it definitely needs
> a switch for applications to control it.

We will probably also at least need to have a way to find out if a
cipher is supported by the kernel we're running on or not.

Kurt