Re: [TLS] Resuming a session as part of a renegotiation.

Yoav Nir <> Thu, 19 September 2013 18:50 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E6BCA21F94FF for <>; Thu, 19 Sep 2013 11:50:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -10.306
X-Spam-Status: No, score=-10.306 tagged_above=-999 required=5 tests=[AWL=0.293, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id QhGNdkd4GueX for <>; Thu, 19 Sep 2013 11:50:15 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 39FC921F949F for <>; Thu, 19 Sep 2013 11:50:13 -0700 (PDT)
Received: from ([]) by (8.13.8/8.13.8) with ESMTP id r8JIo2XD022276; Thu, 19 Sep 2013 21:50:02 +0300
X-CheckPoint: {523B475A-0-1B221DC2-1FFFF}
Received: from ([]) by ([]) with mapi id 14.02.0347.000; Thu, 19 Sep 2013 21:50:02 +0300
From: Yoav Nir <>
To: Fabrice Gautier <>
Thread-Topic: [TLS] Resuming a session as part of a renegotiation.
Thread-Index: AQHOtVcKv1CYPPdg20+k8rtQdCDoEpnNF/CAgAAXjwCAAAWlAA==
Date: Thu, 19 Sep 2013 18:50:01 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
x-kse-antivirus-interceptor-info: protection disabled
Content-Type: text/plain; charset="us-ascii"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<>" <>
Subject: Re: [TLS] Resuming a session as part of a renegotiation.
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 19 Sep 2013 18:50:21 -0000

On Sep 19, 2013, at 9:29 PM, Fabrice Gautier <> wrote:
>> One possible use case: if you negotiated a block cipher with a
>> small internal state and are sending large quantities of data,
>> security might be improved by periodically renegotiating.
> Thats only benefit a full handshake renegotiation.
> The way I understand it, renegotiation allows you to have several
> session in the same connection, and session resumption allows you to
> have the same session across multiple connections.

Renegotiation just means doing the handshake again. The end result is new keys. So if you believe that 3DES keys should not be used for more than 0.5GB of data, just doing a renegotiation gives you fresh keys (because they are mixed with the new nonces). If you resume the session, you don't get new client and/or server identities, you don't get re-authentication, and you don't get a new master key, so someone who has managed to get your old master key can figure out both your old and new encryption keys. But if the only reason you're renegotiating is that you need fresh keys, that's good enough.

So renegotiation+resumption gives you the same session, but new keys. Sort of like "phase II" in IKE.