Dear team,

In mod_ssl, is there any option to enforce SSL renegotiation after a certain amount of data has been transferred on an SSL connection? If we are using a cipher suite which has AES-GCM as the encryption algorithm, then it is required that when the counter overlaps or overflows, SSL renegotiation should happen.

In AES-GCM the final counter is [4 bytes of salt which is negotiated between client and server] + [8 random bytes which are generated for the first time using RAND_bytes (nonce_explicit). It is incremented for each TLS packet] + [32-bit counter]

After 2^64 packets nonce_explicit will overlap or overflow (it is practically not possible but theoretically possible). OpenSSL is not handling this case. Can mod_ssl handle this case?

Thanks and regards,
Akshar
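
The counter layout described in the message, with a record-count guard that asks for a new key before the explicit nonce can repeat. This is an added example, not part of the original post and not mod_ssl or OpenSSL code; the struct, the function names, the big-endian encoding and the `rekey_limit` threshold are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-direction state for one AES-GCM write key. */
typedef struct {
    uint8_t  salt[4];        /* fixed 4-byte part from the handshake */
    uint64_t explicit_nonce; /* random start value, +1 per TLS record */
    uint64_t records_sent;   /* records protected under this key so far */
    uint64_t rekey_limit;    /* policy threshold (assumption of this example) */
} gcm_write_state;

void gcm_state_init(gcm_write_state *s, const uint8_t salt[4],
                    uint64_t start, uint64_t limit)
{
    memcpy(s->salt, salt, 4);
    s->explicit_nonce = start;
    s->records_sent = 0;
    s->rekey_limit = limit;
}

/* Fills the 16-byte initial counter block for the next record and advances
 * the state. Returns 0 on success, or -1 when the key has reached its limit
 * and must be replaced (renegotiation) before another record is sent. */
int gcm_next_record(gcm_write_state *s, uint8_t block[16])
{
    if (s->records_sent >= s->rekey_limit)
        return -1;                       /* refuse instead of reusing a nonce */
    memcpy(block, s->salt, 4);
    for (int i = 0; i < 8; i++)          /* big-endian encoding (assumption) */
        block[4 + i] = (uint8_t)(s->explicit_nonce >> (56 - 8 * i));
    block[12] = block[13] = block[14] = 0;
    block[15] = 1;                       /* 32-bit block counter starts at 1 */
    s->explicit_nonce++;  /* wrap through zero is not a repeat; count records */
    s->records_sent++;
    return 0;
}

int main(void)
{
    const uint8_t salt[4] = {0xde, 0xad, 0xbe, 0xef};   /* constructed sample */
    gcm_write_state s;
    uint8_t block[16];
    gcm_state_init(&s, salt, UINT64_MAX, 3);            /* tiny limit for demo */
    while (gcm_next_record(&s, block) == 0)
        printf("record %llu: explicit nonce ends in %02x\n",
               (unsigned long long)s.records_sent, block[11]);
    return 0;
}
```

Because the explicit nonce starts at a random value, the guard counts records sent under the key instead of testing the nonce value for overflow.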