I understand the basics of session renegotiation. (And yes, I am familiar with http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION.) Not clear to me: should I be setting SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION?

What I am mostly looking for is some clue as to what would be a good default for how often to force renegotiation: every megabyte? Every ten megabytes? Every 100 megabytes?

The data is "one-way" (client to server only) and what I would call "medium sensitive": typically no national secrets or credit card numbers, but lots of userids and critical filenames. (Commercial "multi-purpose" application so a little difficult to predict *exactly* what the data will be.) The data is also highly repetitive (which I understand makes it easier to crack). It might also be possible for a rogue to "force" a predictable stream of data by taking a particular action.

The server would typically be on a private network but might in some cases be Internet-facing. The server would typically be long-running (weeks without a restart).

I am using OpenSSL 1.0.1c 10 May 2012.

Thanks,

Charles
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org