[openssl-users] [AES-GCM] TLS packet nounce_explicit overflow

Jakob Bohm jb-openssl at wisemo.com
Fri Mar 10 02:04:58 UTC 2017

But if the starting value is random, the number of increments
before overflow or wrap will be random too (and could
hypothetically, but rarely, be as little as 1).

Anyway, I thought TLS records were limited to slightly more than
16K each, so the in-record block counter would not count very far.

On 09/03/2017 16:26, Michael Wojcik wrote:
> And there's no reason for it to do so, because it isn't needed. If you 
> generate one TLS packet every nanosecond, it will take nearly six 
> centuries to overflow, by which time the version of TLS you're using 
> will have been deprecated and all security guarantees are moot anyway.
> In general, most security experts recommend against keeping a TLS 
> conversation open for years at a time.
> Michael Wojcik
> Distinguished Engineer, Micro Focus
> *From:*openssl-users [mailto:openssl-users-bounces at openssl.org] *On 
> Behalf Of *Salz, Rich via openssl-users
> *Sent:* Thursday, March 09, 2017 05:49
> *To:* openssl-users at openssl.org
> *Subject:* Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit 
> overflow
> No, it does not do this automatically.
> *if the nounce _explicit overflows or overlaps , then does openssl 
> code handles it (atleast by initiating renegotiation )?*

Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list