[openssl-users] [FIPS compliance] ssl reneg when counter overflows(AES_GCM)
akshar.kanak1 at gmail.com
Thu Nov 3 06:26:16 UTC 2016
as per the documnet
page 150 , Its mentioned
The implementation of the nonce_explicit management logic inside the
module shall ensure that
when the nonce_explicit part of the IV exhausts the maximum number of
possible values for a given
session key (e.g., a 64-bit counter starting from 0 and increasing,
when it reaches the maximum value
of 2 64 -1),
*either party (the client or the server) that encounters this condition
triggers a handshake to establish a new encryption key – see Sections
18.104.22.168 and 22.214.171.124 in RFC 5246*.
is this being handled by openssl ? in the source code of openssl i am
not able find out the
exact location where this renegotiation is initiated when the counter
over flows ?
Thanks in advance
Thanks and regards
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users