I have a question about session param negotiation when there are a
number of connections attached to the session.
If the cipher suite stays the same, I imagine everything works fine as
the new session params really only generate connection state (bulk
cipher keys, IVs etc). So the connection that instigated the negotiation
will get new keys and the rest will continue to use their old keys.
What happens if the cipher suite changes? This might seem silly at
first, as you'd imagine the best available cipher suite was chosen to
begin with - but looking at the Javasoft SSL specs there are calls into
the session to dynamically enable and disable cipher suites. So if an
app disabled the cipher suite currently in use on a session and then
forced a negotiation to occur, the cipher suite on that session would
change and the other connections would not be able to work anymore...
What does OpenSSL do in this case? Does it forbid the cipher suite to
change if there is more than one connection on a session - only allowing
the connection keys etc to change?
--
Regards,
David Taylor
Forge Research
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]