Loading doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +15 −2 Original line number Diff line number Diff line Loading @@ -49,8 +49,10 @@ the callback function will be called with I<enc> equal to 1. The OpenSSL library expects that the function will set an arbitary I<name>, initialize I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>. The I<name> is only 16 characters long. The I<iv> is of length L<EVP_MAX_IV_LENGTH> defined in B<evp.h>. The I<name> is 16 characters long and is used as a key identifier. The I<iv> length is the length of the IV of the corresponding cipher. The maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>. The initialization vector I<iv> should be a random value. The cipher context I<ctx> should use the initialisation vector I<iv>. The cipher context can be Loading Loading @@ -110,6 +112,17 @@ an all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available exactly as if a full negiotation had occured. If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic using that session: even if the ciphersuite supports forward secrecy. As a result applications may wish to use multiple keys and avoid using long term keys stored in files. Applications can use longer keys to maintain a consistent level of security. For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key the overall security is only 128 bits because breaking the ticket key will enable an attacker to obtain the session keys. =head1 EXAMPLES Reference Implemention: Loading Loading
doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +15 −2 Original line number Diff line number Diff line Loading @@ -49,8 +49,10 @@ the callback function will be called with I<enc> equal to 1. The OpenSSL library expects that the function will set an arbitary I<name>, initialize I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>. The I<name> is only 16 characters long. The I<iv> is of length L<EVP_MAX_IV_LENGTH> defined in B<evp.h>. The I<name> is 16 characters long and is used as a key identifier. The I<iv> length is the length of the IV of the corresponding cipher. The maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>. The initialization vector I<iv> should be a random value. The cipher context I<ctx> should use the initialisation vector I<iv>. The cipher context can be Loading Loading @@ -110,6 +112,17 @@ an all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available exactly as if a full negiotation had occured. If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic using that session: even if the ciphersuite supports forward secrecy. As a result applications may wish to use multiple keys and avoid using long term keys stored in files. Applications can use longer keys to maintain a consistent level of security. For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key the overall security is only 128 bits because breaking the ticket key will enable an attacker to obtain the session keys. =head1 EXAMPLES Reference Implemention: Loading
