Date: Fri, 18 Apr 2003 13:58:20 -0700
From: Sean Chittenden <sean@chittenden.org>
To: Mark Murray <mark@grondar.org>
Cc: security@freebsd.org
Subject: Re: How often should an encrypted session be rekeyed?
Message-ID: <20030418205820.GF79923@perrin.int.nxad.com>
In-Reply-To: <200304182028.h3IKShQ5008767@grimreaper.grondar.org>
References: <20030411182758.GN79923@perrin.int.nxad.com> <200304182028.h3IKShQ5008767@grimreaper.grondar.org>
> > Using OpenSSL, is there a preferred/recommended rate of rekeying
> > an encrypted stream of data? Does OpenSSL handle this for
> > developers behind the scenes? Does it even need to be rekeyed?
>
> "Depends". I recommend the O'Reilly book on OpenSSL for this and
> related OpenSSL programming docs.
>
> ISBN: 0-596-00270-X

Thanks, I may have to stop through B&N tonight. I know it depends on
the strength of the cypher, the data transferred, and time between the
last rekeying, but I was wondering on what scale this should happen.
Once an hour? Once every X bytes? Does OpenSSL handle this for
developers?

I looked at OpenSSH and mod_ssl and couldn't find any indication as to
how often things are rekeyed beyond "whenever the client requests it,"
but looking at client code didn't tell me much either. Do you know of
any online URLs with useful bits?

-sc

--
Sean Chittenden
