Sean Walker wrote:
> 
> I am doing some work with a government agency who is requiring 128
> "bite" (a direct quote, by the way) SSL encryption in order to
> communicate their information over the Internet. We have a direct line
> to their office to get the information and then we relay that to our
> customers via the Internet. Another requirement of theirs is that we use
> a session based key.

Perfect requirement for SSL, really.

> We are writing both client and server applications
> and so have complete control over the design. What would be a good means
> of generating a "session based" key?

Perhaps you should ask for a better definition of "session based" first.

> I believe that I would have to
> disable key caching on the server, correct?

You have to disable *session* caching on the server. Thus for every new
connect a full SSL handshake is exercised and new key material for this
connection is generated.

> As well as generating the
> key on each connect.

This is done automatically by the SSL library for you.

> How do I generate this key and is that going to
> take a lot of time?

The workload for the handshake is at least an order bigger.
Whether this hits you depends on your application. Long term
connections could use this way, short term connections (like
HTTP requests) will experience a severe performance penalty.

> I am doing this inside of a Windoze app linking
> against the library in VC++.


-- 
Holger Reif                  Tel.: +49 361 74707-0
SmartRing GmbH               Fax.: +49 361 7470720
Europaplatz 5             [EMAIL PROTECTED]
D-99091 Erfurt                    WWW.SmartRing.de
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
