[openssl-users] [FIPS compliance] ssl reneg when counter overflows(AES_GCM)
Akshar Kanak
akshar.kanak1 at gmail.com
Thu Nov 3 06:26:16 UTC 2016
Dear team
as per the documnet
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
page 150 , Its mentioned
The implementation of the nonce_explicit management logic inside the
module shall ensure that
when the nonce_explicit part of the IV exhausts the maximum number of
possible values for a given
session key (e.g., a 64-bit counter starting from 0 and increasing,
when it reaches the maximum value
of 2 64 -1),
*either party (the client or the server) that encounters this condition
triggers a handshake to establish a new encryption key – see Sections
7.4.1.1 and 7.4.1.2 in RFC 5246*.
is this being handled by openssl ? in the source code of openssl i am
not able find out the
exact location where this renegotiation is initiated when the counter
over flows ?
Thanks in advance
Thanks and regards
Akshar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20161103/6ca158fb/attachment.html>
More information about the openssl-users
mailing list