[openssl-users] [FIPS compliance] ssl reneg when counter overflows(AES_GCM)

Akshar Kanak akshar.kanak1 at gmail.com
Thu Nov 3 06:26:16 UTC 2016

Dear team
    as per the documnet
    page 150 , Its mentioned
    The implementation of the nonce_explicit management logic inside the
module shall ensure that
    when the nonce_explicit part of the IV exhausts the maximum number of
possible values for a given
    session key (e.g., a 64-bit counter starting from 0 and increasing,
when it reaches the maximum value
    of 2 64 -1),
*either party (the client or the server) that encounters this condition
triggers a handshake to    establish a new encryption key – see Sections and in RFC 5246*.

    is this being handled by openssl ? in the source code of openssl i am
not able find out the
    exact location where this renegotiation is initiated when the counter
over flows ?

    Thanks in advance

    Thanks and regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161103/6ca158fb/attachment.html>

More information about the openssl-users mailing list