> I'm trying to avoid doing the whole handshake again - I just want to
> change the bulk cipher keys/IVs in use by the connection every now and
> again and the SSL and TLS specs say this is done by using the client
> hello message with the same session ID as the connection is already
> using (see the client hello section).
>
Hmmm, it's getting more clear:
If you give a client hello with an existing session id, the client and
server random values will change, but the master secret won't because
the short version of the handshake doesn't do the key exchange.
The client and server random values are connection state, the master
secret is session state. So a renegotiation using an existing session id
will only affect the connection that caused it.
Even if a new cipher suite is negotiated the other (existing)
connections will still have their old ciphers. Any new connections will
use the new one.
--
Regards,
David Taylor
Forge Research
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
