[openssl-users] TLS 1.3 PSK test server setup
Matt Caswell
matt at openssl.org
Wed Feb 14 23:14:05 UTC 2018
On 14/02/18 19:39, Hubert Kario wrote:
> How to start current master branch OpenSSL so that it will support static PSK
> key exchange in TLS1.3?
>
> with client running as:
> openssl s_client -psk
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>
> I've tried:
> openssl s_server -psk
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -nocert
>
> that produces
> 139823110240000:error:14201076:SSL routines:tls_choose_sigalg:no suitable
> signature algorithm:ssl/t1_lib.c:2433:
> and a handshake_failure alert sent to client
>
> and I've also tried
> openssl s_server -psk
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -cert
> cert.pem -key key.pem
> (where cert and key pem are just self signed RSA cert and key)
For a PSK to be used in needs to be the correct length for the selected
ciphersuite. The ciphersuite is selected *first*. Next the available
PSKs are checked to see if they are usable with that ciphersuite.
By default s_client talking to s_server will select
TLS13-AES-256-GCM-SHA384. Because this is based on SHA384 we need a key
which is 48 bytes long (96 hex digits). Your key is 32 bytes long (64
hex digits) so the PSK is ignored.
Matt
More information about the openssl-users
mailing list