Encryption key refresh

The SSLv3, TLSv1, TLSv1.1, and TLSv1.2 protocols allow the encryption key to be renegotiated during a secure connection. Renegotiating the encryption key can provide a higher level of security for long-running connections. The AT-TLS default is to not reset the cipher.

To enable AT-TLS to request a reset of the cipher, you can specify a time interval in the range 1–1440 seconds using the ResetCipherTimer statement. The cipher reset is requested when the timer expires and the next application read or write is completed. The time interval is restarted when the cipher has been changed. Both ends of the secure connection must agree to perform another handshake to renegotiate the cipher. By default, both the client and server must support RFC 5746 renegotiation. The HandshakeRole Client end must initiate this handshake. The HandshakeRole Server end can send an alert to the client requesting another handshake. The client is free to ignore or postpone the request. The server is free to refuse a handshake request sent by the client for another handshake.
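As an added illustration (not taken from the original page), the fragment below shows where ResetCipherTimer sits in an AT-TLS policy for a server-side environment that requests a cipher reset every ten minutes. The enclosing statement names, the placement under TTLSEnvironmentAdvancedParms and the keyring name are assumed from the AT-TLS policy syntax; only ResetCipherTimer and HandshakeRole are named on this page.

```text
# Constructed AT-TLS policy fragment (illustration only).
TTLSEnvironmentAction        envRenegotiate
{
  HandshakeRole              Server
  EnvironmentUserInstance    0
  TTLSKeyringParms
  {
    Keyring                  SERVER/ATTLSRING     # placeholder keyring name
  }
  TTLSEnvironmentAdvancedParms
  {
    # Seconds between cipher resets, range 1-1440.
    # Omit the statement to keep the default (never reset).
    # With HandshakeRole Server, expiry only asks the client to
    # renegotiate; the client may ignore or postpone the request.
    ResetCipherTimer         600
  }
}
```

The timer restarts each time the cipher actually changes, so a client that never honours the request will keep being asked after each subsequent read or write that follows an expiry.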