Home>

I am currently studying and implementing SSL/TLS (hereinafter referred to as TLS).
I have two questions that I wondered about.

  • In TLS communication, negotiation is performed by TLS handshake after 3-way handshake,
    Establish a session by sharing a common key. After the session is established, data encryption using a common key
    When, what information is used to update the common key?

  • Since the TLS handshake is supposed to generate a common key based on the premaster secret information,
    Will renegotiation be performed when the common key is updated, and a new session be established for communication?

If there was no renewal of the common key, there were concerns about risks such as key leakage and expansion of the scope of influence, so I was very interested.

Since I didn't get the information I wanted, I asked a question.
If i can understand, thank you.

ssl
  • Answer # 1

    Until TLS 1.2, there was no way to update the session key except for re-handshake, and it was implemented asKeyUpdatein TLS 1.3 (reference, relevant part of RFC).

  • Answer # 2

    I don't know what the range is, but if you're looking for a precise and accurate story, isn't it sure to read RFC8446?