Dear team In AES-GCM mode i know that the final counter will be [4 bytes salt which is negotiated between client and serevr ] + [8 bytes of random bytes which are generated using RAND_bytes (nounce_explicit). nounce] + [32 bit counter ]
nounce_explicit will be incremented for every TLS packet and will be sent in the packet . * if the nounce _explicit overflows or overlaps , then does openssl code handles it (atleast by initiating renegotiation )?* I know that it will take 2^64 TLS packets in one direction . It is practically not possible but theoritically possible . 32 bit counter should not be a problem , since individual TLS packet has to be more than 68GB for this counter to overflow or overlap . This will not be possible . Please correct me if I am wrong ? Thanks and regards Akshar
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users