The ability for an application to trigger an abbreviated handshake is a good feature. It allows a client or server to refresh the symmetric keys without performing a full handshake, which can be expensive. Frequent refreshing of the symmetric keys reduces the risk of a key being compromised, especially on a long-standing session. I work with an embedded device for the SCADA (Supervisory Control and Data Acquisition) industry that makes use of OpenSSL and could really use this feature. In fact, this feature is called for in a SCADA standard (i.e. IEC 62351-3 produced by IEC technical committee 57, working group 15 on Data and Communication Security) so I expect others in the SCADA industry could also use it.

The patch described in the following post will add this feature. It would be much appreciated if the OpenSSL team would consider this patch for an upcoming release of OpenSSL.

http://marc.info/?i=rt-3.4.5-91114-1276780952-1833.1833-6-0%20()%20openssl%20!%20org

Sincerely,
Greg
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
