On Thu, Jun 08, 2017 at 10:43:15AM +0200, Hannes Frederic Sowa wrote:
>
> we have discussed this in the past on net...@vger.kernel.org but I just
> want to point out here again, that renewing the symmetric crypto keys is
> not supported in the kernel part (for the time being).
>
> So in case the application depends on renegotiation (TLS1.2, which is
> the only version supported right now by the kernel AFAIK) as well as key
> updates in TLS1.3 won't work.

It might be useful to be able to transfer the state in both directions, so that those things are possible.

> Because this feature is not transparent yet, I think it definitely needs
> a switch for applications to control it.

We will probably also at least need to have a way to find out if a cipher is supported by the kernel we're running on or not.

Kurt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev