How often should an encrypted session be rekeyed?

Sean Chittenden sean at chittenden.org
Sat Apr 19 11:30:06 PDT 2003 

> > > Using OpenSSL, is there a preferred/recommended rate of rekeying
> > > an encrypted stream of data?  Does OpenSSL handle this for
> > > developers behind the scenes?  Does it even need to be rekeyed?
> > 
> > "Depends". I recommend the O'Reilly book on OpenSSL for this and
> > related OpenSSL programming docs.
> > 
> > ISBN: 0-596-00270-X
> 
> Thanks, I may have to stop through B&N tonight.  I know it depends
> on the strength of the cypher, the data transfered, and time between
> the last rekeying, but I was wondering on what scale this should
> happen.  Once an hour?  Once every X bytes?  Does OpenSSL handle
> this for developers? I looked at OpenSSH and mod_ssl and couldn't
> find any indication as to how often things are rekeyed beyond
> "whenever the client requests it," but looking at client code didn't
> tell me much either.

Alright, well, I'm skeptical of most O'Reilly books, but I had a most
enlightening evening with the OpenSSL book mentioned above.  I always
took this aspect of crypto for granted and assumed it was always used,
but apparently not.  The concept/option that I was looking for was
ephemeral keying (I'd always called it private rekeying ::shrug::).

For those interested, each connection/session the server generates a
new private SSL key.  In exchange for giving away the SSL connection
options (only negative trade off other than higher connection setup
overhead), the session uses a unique private key that is changed
automatically by the underlying library thus providing forward
security in the event that the data from a given session was recorded
and the private key was discovered (read: wouldn't be possible to
figure out what was transmitted even with the private key).  Anyway,
ephemeral keying requires the use of Diffie-Hellman's key exchange and
that users of this technique (each connection) setup their own SSL_CTX
object and set the SSL_OP_SINGLE_DH_USE option:

SSL_CTX_set_options(ctx,
		    SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE);

Happy happy joy joy, and now you know.  -sc

-- 
Sean Chittenden

More information about the freebsd-security mailing list