And there's no reason for it to do so, because it isn't needed. If you generate 
one TLS packet every nanosecond, it will take nearly six centuries to overflow, 
by which time the version of TLS you're using will have been deprecated and all 
security guarantees are moot anyway.

In general, most security experts recommend against keeping a TLS conversation 
open for years at a time.

Michael Wojcik
Distinguished Engineer, Micro Focus



From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of 
Salz, Rich via openssl-users
Sent: Thursday, March 09, 2017 05:49
To: openssl-users@openssl.org
Subject: Re: [openssl-users] [AES-GCM] TLS packet nounce_explicit overflow

No, it does not do this automatically.

    if the nonce_explicit overflows or overlaps, then does openssl code 
handle it (at least by initiating renegotiation)?
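
An added example, not part of the thread and not OpenSSL code: because the library does not react to nonce_explicit exhaustion on its own, a sender that wanted that guarantee would have to track the 64-bit counter itself and stop before it wraps. The struct and function names below are hypothetical; the layout (4-byte implicit salt followed by the 8-byte nonce_explicit) is the TLS 1.2 AES-GCM nonce format.

```c
#include <stdint.h>
#include <string.h>

#define GCM_SALT_LEN     4   /* implicit part, taken from the key block */
#define GCM_EXPLICIT_LEN 8   /* nonce_explicit, carried in every record */

/* Hypothetical per-direction sender state; not an OpenSSL structure. */
struct gcm_nonce_state {
    uint8_t  salt[GCM_SALT_LEN];
    uint64_t next_explicit;  /* value to use for the next record */
    int      exhausted;      /* set once all 2^64 values have been used */
};

/* Build the 12-byte GCM nonce for the next record.
 * Returns 0 on success, or -1 when the counter space is used up; the
 * caller must then rekey (renegotiate or reconnect) instead of sending,
 * because reusing a nonce under the same key breaks AES-GCM. */
int gcm_next_nonce(struct gcm_nonce_state *st, uint8_t out[12])
{
    if (st->exhausted)
        return -1;
    memcpy(out, st->salt, GCM_SALT_LEN);
    for (int i = 0; i < GCM_EXPLICIT_LEN; i++)   /* big-endian counter */
        out[GCM_SALT_LEN + i] = (uint8_t)(st->next_explicit >> (56 - 8 * i));
    if (st->next_explicit == UINT64_MAX)
        st->exhausted = 1;                       /* incrementing would wrap */
    else
        st->next_explicit++;
    return 0;
}

/* Whole years until a counter starting at 0 is exhausted at a steady
 * rate. records_per_second must be non-zero. */
uint64_t years_to_exhaust(uint64_t records_per_second)
{
    const uint64_t seconds_per_year = 31557600ULL;  /* 365.25 days */
    return UINT64_MAX / records_per_second / seconds_per_year;
}
```

At one record per nanosecond, `years_to_exhaust(1000000000)` gives 584, the "nearly six centuries" figure quoted in the reply.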