Re: Looking for advice on session renegotiation

2012-08-20 Thread Curt Sampson
On 2012-08-20 08:39 -0400 (Mon), Charles Mills wrote:
> What I am mostly looking for is some clue as to what would be a good default
> for how often to force renegotiation: every megabyte? Every ten megabytes?
> Every 100 megabytes?

While we're at it, I've got a long-running application as well,

Looking for advice on session renegotiation

2012-08-20 Thread Charles Mills
I understand the basics of session renegotiation. (And yes, I am familiar with http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION.) Not clear to me: should I be setting SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION? What I am mostly looking for is some clue as to what

RE: session renegotiation

2009-05-19 Thread Wayne Feick
Thanks for the quick response, David. I hadn't seen any documentation on BIO_set_ssl_renegotiate_bytes/timeout(), but that sounds like a simpler way to go. If I set them both, do they both reset whenever a renegotiation takes place? Any recommendations on reasonable settings for SSLv3/TLSv1? Re: t

RE: session renegotiation

2009-05-19 Thread David Schwartz
Wayne Feick wrote:
> Our server has one background thread constantly calling SSL_read()
> to drain incoming data. There are multiple threads generating outgoing
> data but all the SSL_write() calls are serialized with a semaphore.
> All I/O is blocking.

I'm not sure how you could make this work.

session renegotiation

2009-05-19 Thread Wayne Feick
Hi All, I've been banging my head against the wall for the last few days trying to get session renegotiation working in a server I'm working on, and I'm hoping someone here can give me a clue. I'm using openssl-0.9.8i. Our server has one background thread constantly calling

0.9.8a: s_client <-> s_server session renegotiation vs. zlib

2005-12-27 Thread Victor Duchovni
Is this the same as the Debian bug reports?

    ./apps/openssl s_server -key key.pem -cert cert.pem -bugs -accept 12345
    ./apps/openssl s_client -bugs -connect localhost:12345

Default compile linux-elf (no zlib) looks good:

    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is