Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
a23a6e85
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
大约 1 年 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
a23a6e85
编写于
7月 03, 2014
作者:
D
Dr. Stephen Henson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Update ticket callback docs.
上级
f1112985
变更
1
隐藏空白更改
内联
并排
Showing
1 changed file
with
15 addition
and
2 deletion
+15
-2
doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
+15
-2
未找到文件。
doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
浏览文件 @
a23a6e85
...
...
@@ -49,8 +49,10 @@ the callback function will be called with I<enc> equal to 1. The OpenSSL
library expects that the function will set an arbitary I<name>, initialize
I<iv>, and set the cipher context I<ctx> and the hash context I<hctx>.
The I<name> is only 16 characters long. The I<iv> is of length
L<EVP_MAX_IV_LENGTH> defined in B<evp.h>.
The I<name> is 16 characters long and is used as a key identifier.
The I<iv> length is the length of the IV of the corresponding cipher. The
maximum IV length is L<EVP_MAX_IV_LENGTH> bytes defined in B<evp.h>.
The initialization vector I<iv> should be a random value. The cipher context
I<ctx> should use the initialisation vector I<iv>. The cipher context can be
...
...
@@ -110,6 +112,17 @@ an all other negotiated state information encrypted within the ticket. In a
resumed session the applications will have all this state information available
exactly as if a full negiotation had occured.
If an attacker can obtain the key used to encrypt a session ticket, they can
obtain the master secret for any ticket using that key and decrypt any traffic
using that session: even if the ciphersuite supports forward secrecy. As
a result applications may wish to use multiple keys and avoid using long term
keys stored in files.
Applications can use longer keys to maintain a consistent level of security.
For example if a ciphersuite uses 256 bit ciphers but only a 128 bit ticket key
the overall security is only 128 bits because breaking the ticket key will
enable an attacker to obtain the session keys.
=head1 EXAMPLES
Reference Implemention:
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录