Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

improve SSL_CTX_set_tlsext_ticket_key_cb ref impl [1.1.1] #12391

Conversation

@gstrauss
Copy link
Contributor

@gstrauss gstrauss commented Jul 8, 2020

improve reference implementation code in
SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys. Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c2
Use AES256 for the default encryption algorithm for TLS session tickets

add comments where user-implementation is needed to complete code

(backport from #12063)

Checklist
  • documentation is added or updated
improve reference implementation code in
  SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys.  Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c2
Use AES256 for the default encryption algorithm for TLS session tickets

add comments where user-implementation is needed to complete code

(backport from #12063)
@kaduk kaduk changed the title improve SSL_CTX_set_tlsext_ticket_key_cb ref impl improve SSL_CTX_set_tlsext_ticket_key_cb ref impl [1.1.1] Jul 8, 2020
@kaduk
kaduk approved these changes Jul 8, 2020
@openssl-machine
Copy link

@openssl-machine openssl-machine commented Jul 9, 2020

This pull request is ready to merge

openssl-machine pushed a commit that referenced this pull request Jul 9, 2020
improve reference implementation code in
  SSL_CTX_set_tlsext_ticket_key_cb man page

change EVP_aes_128_cbc() to EVP_aes_256_cbc(), with the implication
of requiring longer keys.  Updating this code brings the reference
implementation in line with implementation in openssl committed in 2016:
commit 05df5c2
Use AES256 for the default encryption algorithm for TLS session tickets

add comments where user-implementation is needed to complete code

(backport from #12063)

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #12391)
@mattcaswell
Copy link
Member

@mattcaswell mattcaswell commented Jul 9, 2020

Pushed. Thanks.

@mattcaswell mattcaswell closed this Jul 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants