> In my last question I mentioned existing connections on a session that
> has had its master secret changed must continue to use the values
> generated from the old master secret. Is this true or does OpenSSL get
> all the connections to change their bulk cipher keys and IVs?

The way I read the SSL spec, the client can only send a previous
session ID in its client hello message if it wants to reuse the
same security parameters.  I.e. it behooves the client to use another
session ID in this case.

Eric Norman

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
