renegotiating session keys - Openssl



Thread: renegotiating session keys

  1. renegotiating session keys


    Hi,

    I'm working on maintaining an existing client-server product that uses
    OpenSSL to secure a network connection. I need to figure out how often
    a session key gets renegotiated while a physical connection is active.
    (Not the master secret, but rather the rekeying of the symmetric
    session key.)

    I've looked at both the client and server code, and I don't see any
    calls anywhere that show rekeying.

    I'm still having a bit of trouble with the difference in how to do a
    session key regeneration vs. session rehandshake. (I don't think I
    want SSL_CTX_sess_connect_renegotiate, BIO_set_ssl_renegotiate_bytes,
    BIO_set_ssl_renegotiate_timeout... )

    Does OpenSSL have an implicit rekeying operation? If so, how do I
    configure it, and what is the default rekeying interval? If not, how
    would I go about setting the session key on the client, if I were to
    generate the key on the server and encrypt/send it to the client?

    Any help is much appreciated.


    Thanks in advance,

    Carlos


  2. Re: renegotiating session keys


    To rephrase, I'm looking for suggestions as to how I would use OpenSSL
    to regularly recalculate the key_block that's shared between the client
    and server. (By regularly, I mean by a configurable time interval, or
    preferably "amount of data" interval.)

    From page 106 in Rescorla, I could see that it has to do with session
    resumption, but I can't quite figure out a way of doing this
    programmatically.

    This is all assuming that I have one physical connection that stays up
    for days on the same socket pair, and I want to refresh my key_block to
    prevent a traffic analysis attack.


    Carlos


    z wrote:
    > Hi,
    >
    > I'm working on maintaining an existing client-server product that uses
    > OpenSSL to secure a network connection. I need to figure out how often
    > a session key gets renegotiated while a physical connection is active.
    > (Not the master secret, but rather the rekeying of the symmetric
    > session key.)
    >
    > I've looked at both the client and server code, and I don't see any
    > calls anywhere that show rekeying.
    >
    > I'm still having a bit of trouble with the difference in how to do a
    > session key regeneration vs. session rehandshake. (I don't think I
    > want SSL_CTX_sess_connect_renegotiate, BIO_set_ssl_renegotiate_bytes,
    > BIO_set_ssl_renegotiate_timeout... )
    >
    > Does OpenSSL have an implicit rekeying operation? If so, how do I
    > configure it, and what is the default rekeying interval? If not, how
    > would I go about setting the session key on the client, if I were to
    > generate the key on the server and encrypt/send it to the client?
    >
    > Any help is much appreciated.
    >
    >
    > Thanks in advance,
    >
    > Carlos


