[openssl-users] Limit the number of AES-GCM keys allowed in TLS

Dmitry Belyavsky beldmit at gmail.com
Wed Sep 12 09:02:09 UTC 2018


The issue https://github.com/openssl/openssl/pull/7129 has introduced a
possibility to limit the number of TLS records processed without changing
the key, as required by FIPS.

We in Russia have limitations with the same semantics applicable to Russian
GOST TLS ciphersuites (
https://datatracker.ietf.org/doc/draft-smyshlyaev-tls12-gost-suites/) so I
think that this mechanism is very useful.

The current implementation is done at EVP level, and it seems suboptimal
because of the following reasons:
- If the AES implementation is provided via an engine, not by OpenSSL itself,
the limitation can be avoided.
- The limitation has been made too generic.
- The implementation seems to be AEAD-specific.

So doesn't it make sense to provide this limitation at least at the
ciphersuite level? It can provide a more straightforward way to manage such

Thank you!

SY, Dmitry Belyavsky
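
The ciphersuite-level placement suggested above, as an added example that is not part of the original post and is not OpenSSL code: a per-ciphersuite record budget checked at the record layer before the cipher is called, so it holds whichever backend (built-in or engine) does the encryption. All names, the limit values and the placeholder cipher are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* All names are hypothetical; none of this is OpenSSL API. */
typedef int (*seal_fn)(const uint8_t *in, size_t len, uint8_t *out);
typedef struct {
    const char *suite;    /* ciphersuite label (constructed) */
    uint64_t max_records; /* records allowed per key (constructed value) */
} suite_policy;
typedef struct {
    const suite_policy *policy;
    seal_fn seal;         /* built-in or engine-provided cipher */
    uint64_t records;     /* records protected under the current key */
} record_ctx;
enum { REC_OK = 0, REC_KEY_EXHAUSTED = -1, REC_CIPHER_ERROR = -2 };

/* Stand-in for an engine cipher that knows nothing about limits. */
static int engine_seal(const uint8_t *in, size_t len, uint8_t *out)
{
    for (size_t i = 0; i < len; i++)
        out[i] = in[i] ^ 0x5a; /* placeholder transform, not encryption */
    return 1;
}

/* Budget is checked before the cipher runs, so the backend cannot skip it. */
int record_seal(record_ctx *c, const uint8_t *in, size_t len, uint8_t *out)
{
    if (c->records >= c->policy->max_records)
        return REC_KEY_EXHAUSTED;
    if (c->seal(in, len, out) != 1)
        return REC_CIPHER_ERROR;
    c->records++;
    return REC_OK;
}

/* Called once new traffic keys are installed. */
void record_rekey(record_ctx *c) { c->records = 0; }

/* Demo: offer `attempts` records, rekeying once on refusal if asked. */
unsigned demo_accepted(uint64_t limit, unsigned attempts, int rekey_once)
{
    suite_policy p = { "CONSTRUCTED-SUITE", limit };
    record_ctx c = { &p, engine_seal, 0 };
    uint8_t in[4] = { 1, 2, 3, 4 }, out[4];
    unsigned ok = 0;
    for (unsigned i = 0; i < attempts; i++) {
        if (record_seal(&c, in, sizeof in, out) == REC_OK) ok++;
        else if (rekey_once) { record_rekey(&c); rekey_once = 0; }
    }
    return ok;
}
int main(void) { return demo_accepted(3, 10, 1) == 6 ? 0 : 1; }
```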