From owner-freebsd-security@FreeBSD.ORG Sat Apr 19 11:30:05 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F045437B401 for ; Sat, 19 Apr 2003 11:30:05 -0700 (PDT) Received: from perrin.int.nxad.com (internal.ext.nxad.com [69.1.70.251]) by mx1.FreeBSD.org (Postfix) with ESMTP id 839C443FCB for ; Sat, 19 Apr 2003 11:30:05 -0700 (PDT) (envelope-from sean@perrin.int.nxad.com) Received: by perrin.int.nxad.com (Postfix, from userid 1001) id E384221078; Sat, 19 Apr 2003 11:30:03 -0700 (PDT) Date: Sat, 19 Apr 2003 11:30:03 -0700 From: Sean Chittenden To: Mark Murray Message-ID: <20030419183003.GO79923@perrin.int.nxad.com> References: <20030411182758.GN79923@perrin.int.nxad.com> <200304182028.h3IKShQ5008767@grimreaper.grondar.org> <20030418205820.GF79923@perrin.int.nxad.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030418205820.GF79923@perrin.int.nxad.com> User-Agent: Mutt/1.4i X-PGP-Key: finger seanc@FreeBSD.org X-PGP-Fingerprint: 3849 3760 1AFE 7B17 11A0 83A6 DD99 E31F BC84 B341 X-Web-Homepage: http://sean.chittenden.org/ cc: security@freebsd.org Subject: Re: How often should an encrypted session be rekeyed? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Apr 2003 18:30:06 -0000 > > > Using OpenSSL, is there a preferred/recommended rate of rekeying > > > an encrypted stream of data? Does OpenSSL handle this for > > > developers behind the scenes? Does it even need to be rekeyed? > > > > "Depends". I recommend the O'Reilly book on OpenSSL for this and > > related OpenSSL programming docs. > > > > ISBN: 0-596-00270-X > > Thanks, I may have to stop through B&N tonight. I know it depends > on the strength of the cypher, the data transfered, and time between > the last rekeying, but I was wondering on what scale this should > happen. Once an hour? Once every X bytes? Does OpenSSL handle > this for developers? I looked at OpenSSH and mod_ssl and couldn't > find any indication as to how often things are rekeyed beyond > "whenever the client requests it," but looking at client code didn't > tell me much either. Alright, well, I'm skeptical of most O'Reilly books, but I had a most enlightening evening with the OpenSSL book mentioned above. I always took this aspect of crypto for granted and assumed it was always used, but apparently not. The concept/option that I was looking for was ephemeral keying (I'd always called it private rekeying ::shrug::). For those interested, each connection/session the server generates a new private SSL key. In exchange for giving away the SSL connection options (only negative trade off other than higher connection setup overhead), the session uses a unique private key that is changed automatically by the underlying library thus providing forward security in the event that the data from a given session was recorded and the private key was discovered (read: wouldn't be possible to figure out what was transmitted even with the private key). Anyway, ephemeral keying requires the use of Diffie-Hellman's key exchange and that users of this technique (each connection) setup their own SSL_CTX object and set the SSL_OP_SINGLE_DH_USE option: SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE); Happy happy joy joy, and now you know. -sc -- Sean Chittenden