[openssl-users] [AES-GCM] TLS packet nounce_explicit overflow
akshar.kanak1 at gmail.com
Thu Mar 9 04:35:41 UTC 2017
In AES-GCM mode i know that the final counter will be
[4 bytes salt which is negotiated between client and serevr ]
[8 bytes of random bytes which are generated using RAND_bytes
[32 bit counter ]
nounce_explicit will be incremented for every TLS packet and will be
sent in the packet .
* if the nounce _explicit overflows or overlaps , then does openssl code
handles it (atleast by initiating renegotiation )?*
I know that it will take 2^64 TLS packets in one direction . It is
practically not possible
but theoritically possible .
32 bit counter should not be a problem , since individual TLS packet
has to be more than 68GB
for this counter to overflow or overlap . This will not be possible .
Please correct me if I am wrong ?
Thanks and regards
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users