[openssl-users] PSK generation for TLS 1.3
Matt Caswell
matt at openssl.org
Mon Jul 3 09:11:52 UTC 2017
On 30/06/17 22:18, Neetish Pathak wrote:
> Hi All,
> Can anyone provide me pointers on how can we generate external PSK to be
> used inTLS 1.3.
>
> When I save a a session using SSL_CTX_sess_set_new_cb(), it provides an
> in-band PSK for next resumption connection.
> I use PEM_write_bio_SSL_SESSION to save the session.
>
>
> How do we use PSK externally. Can I use the same session file which was
> saved during in-band connection. I believe in case of an external PSK,
> both client and server should have a copy in advance.
Yes, you can do if you want - like you said you just need to make sure
that the session file is used on both the client and the server.
Alternatively you can "create" a new session file, e.g.
s_server/s_client do it like this:
usesess = SSL_SESSION_new();
if (usesess == NULL
|| !SSL_SESSION_set1_master_key(usesess, key, key_len)
|| !SSL_SESSION_set_cipher(usesess, cipher)
|| !SSL_SESSION_set_protocol_version(usesess,
TLS1_3_VERSION)) {
OPENSSL_free(key);
goto err;
}
Matt
More information about the openssl-users
mailing list