[openssl-users] Existing connections on certification expires

Robert Moskowitz rgm at htt-consult.com
Mon Aug 28 10:13:51 UTC 2017

On 08/28/2017 01:09 AM, mahesh gs wrote:
> Hello All,
> We are using openssl for providing the secured communication for our 
> application. I have some basic queries about the openssl behaviour.
> 1) What happens to the existing SSL connections on certification 
> expiry? Does the openssl disconnects the existing connection?

Generally speaking:

openssl has nothing to do with a SSL/TLS connection.  It created the 
certificate, it is not the application using the certificate.

That is commonly a server app (HTTPS, IMAPS, VPN server, etc.) and a 
client (Web browser, Mail client, VPN client).  Most of these pay no 
attention to the expiry date.  Some, like IPsec specify to check the 
expiry date and set the maximum connection lifetime to less that it.  Of 
course even there your mileage will vary by how each product author read 
the specs.

> 2) How can i get the list of ciphers supported by openssl 01.01.0f ?
> These question looks to be very basic but i could not find any 
> concrete information regarding the same googling.
> Thanks,
> Mahesh G S

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170828/0dde2edf/attachment-0001.html>

More information about the openssl-users mailing list