On 2012-08-20 08:39 -0400 (Mon), Charles Mills wrote:
> What I am mostly looking for is some clue as to what would be a good default
> for how often to force renegotiation: every megabyte? Every ten megabytes?
> Every 100 megabytes?
While we're at it, I've got a long-running application as well, and
as well as similarly long-running connections, I'm wondering what, if
anything, I need to do about re-seeding OpenSSL's PRNG. How long is
it safe to leave it running in a moderately busy system (several TLS
connections per second), and is that even the metric one should use?
cjs
--
Curt Sampson <c...@cynic.net> +81 90 7737 2974
It is easier to write an incorrect program than understand a correct one.
--Alan Perlis, Epigrams on Programming (#7)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
