Security Basics mailing list archives
Re: TLS Session Resumption
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 12 Jun 2009 11:52:20 -0400
The reason being that the lousy TLS API in .NET doesn't support real strong ciphersuites :(
Vista and Server 2008 with the 6.1 SDK is what you probably want to use. SSLTLS support includes ECC gear from Suite B. The collection is the same list you'd expect from FireFox. A couple of references are below. Jeff http://msdn.microsoft.com/en-us/library/aa374757(VS.85).aspx Writing Secure Code for Vista, p. 144 On 6/11/09, Marc-André Laverdière <marcandre.laverdiere () gmail com> wrote:
Hello group, I'm spending a lot of time having trying to implement session resumption on a C# client to talk TLS to Java. The reason being that the lousy TLS API in .NET doesn't support real strong ciphersuites :( Now, the resuming handshake fails on the checksum, so I'm trying to understand if I need to computer the checksum over all previous handshake messages, or only with the current handshake's messages? The spec is not clear about this... can anyone help??? -- Marc-André LAVERDIÈRE "Perseverance must finish its work so that you may be mature and complete, not lacking anything." -James 1:4 mlaverd.theunixplace.com/blog /"\ \ / ASCII Ribbon Campaign X against HTML e-mail / \ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- TLS Session Resumption Marc-André Laverdière (Jun 12)
- Re: TLS Session Resumption Jeffrey Walton (Jun 15)
- Re: TLS Session Resumption Marc-Andre Laverdiere (Jun 15)
- <Possible follow-ups>
- Re: TLS Session Resumption shailesh . sf (Jun 15)
- Re: TLS Session Resumption Jeffrey Walton (Jun 15)