31 Mar
2015
31 Mar
'15
1:19 p.m.
* * Signs the administrator configured key, using the private key associated with the * SSL context, then hashes the signature to get a key of an appropriate length, * which is fed to the hmac and encryption contexts for the session ticket. wait. What? I'm not parsing what you're trying to do there, and it's triggering my security spidy sense. Why do you ever want to hash a signature to get an encryption key? --Sam