Dear team
In AES-GCM mode i know that the final counter will be
[4 bytes salt which is negotiated between client and serevr ]
+
[8 bytes of random bytes which are generated using RAND_bytes
(nounce_explicit).
nounce]
+
[32 bit counter ]
nounce_explicit will be incremented for every TLS packet and will be
sent in the packet .
* if the nounce _explicit overflows or overlaps , then does openssl code
handles it (atleast by initiating renegotiation )?*
I know that it will take 2^64 TLS packets in one direction . It is
practically not possible
but theoritically possible .
32 bit counter should not be a problem , since individual TLS packet
has to be more than 68GB
for this counter to overflow or overlap . This will not be possible .
Please correct me if I am wrong ?
Thanks and regards
Akshar
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
