Re: TLS Session Resumption

---

• From: Jeffrey Walton <noloader@xxxxxxxxx>
• Date: Fri, 12 Jun 2009 11:52:20 -0400

---

The reason being that the lousy TLS API in .NET doesn't support real
strong ciphersuites :(

Vista and Server 2008 with the 6.1 SDK is what you probably want to
use. SSLTLS support includes ECC gear from Suite B. The collection is
the same list you'd expect from FireFox. A couple of references are
below.

Jeff

http://msdn.microsoft.com/en-us/library/aa374757(VS.85).aspx
Writing Secure Code for Vista, p. 144

On 6/11/09, Marc-André Laverdière <marcandre.laverdiere@xxxxxxxxx> wrote:

Hello group,

I'm spending a lot of time having trying to implement session
resumption on a C# client to talk TLS to Java.
The reason being that the lousy TLS API in .NET doesn't support real
strong ciphersuites :(

Now, the resuming handshake fails on the checksum, so I'm trying to
understand if I need to computer the checksum over all previous
handshake messages, or only with the current handshake's messages?

The spec is not clear about this... can anyone help???

--
Marc-André LAVERDIÈRE
"Perseverance must finish its work so that you may be mature and
complete, not lacking anything." -James 1:4
mlaverd.theunixplace.com/blog

/"\
\ / ASCII Ribbon Campaign
X against HTML e-mail
/ \

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: TLS Session Resumption
    • From: Marc-Andre Laverdiere

• References:
  • TLS Session Resumption
    • From: Marc-André Laverdière

• Prev by Date: RE: Windows Fileserver Pemissions
• Next by Date: Re: Windows Fileserver Pemissions
• Previous by thread: TLS Session Resumption
• Next by thread: Re: TLS Session Resumption
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > security-basics  > 2009-06