Why can't I force a specific cipher with the openssl app with TLS 1.3?
Phil Neumiller
pneumiller at directstream.com
Thu Nov 14 22:30:43 UTC 2019
Hi Matt,
That works fine for 256 as you mentioned. I trying to speak to a piece of
hardware that has one supported cipher, i.e. TLS_AES_256_GCM_SHA384. I
tried the naive approach of
PSK=63ef2024b1
openssl s_server -accept 4433 -tls1_3 -nocert -psk $PSK -sigalgs RSA+SHA384
-ciphersuites TLS_AES_256_GCM_SHA384
And the server starts up as it does with ECDSA+SHA384. However,
PSK=63ef2024b1
openssl s_client -tls1_3 -psk $PSK -connect :4433 -sigalgs RSA+SHA384
-ciphersuites TLS_AES_256_GCM_SHA384
Fails with invalid signature algorithm - which from your post I'm
interpreting as I need a session file. The link you mentioned in your post
only describes the problem from the call back or API perspective and I was
really hoping to get this to work with something like:
openssl s_server -session_file fname ...
But when I follow that link it doesn't describe how to create the file. I
seem to be misinterpreting something.
Thanks,
Phil
-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
More information about the openssl-users
mailing list