TLS 1.3 PSK succeeds even if then pre-shared key is wrong
Matt Caswell
matt at openssl.org
Mon Apr 20 14:35:58 UTC 2020
On 20/04/2020 12:59, brandon.murphy1996 via openssl-users wrote:
> From what I noticed, the handshake completes successfully, regardless
> of the value of "psk_key" (as long as PSK length is even). However,
> if the identity value is mismatched between psk_find_session_cb and
> use_session_cb, the handshake fails with the message:
It's not clear from your question what you expected to happen. The
length of the PSK key doesn't actually matter from a TLS perspective
(obviously in practice it is best if the length is consistent with the
ciphersuite key length).
Or did you mean that that the value doesn't matter - even if it is
mismatched with the client's value? That would be unexpected (and
probably indicates you are not actually using the PSK at all and doing a
full handshake).
Matt
More information about the openssl-users
mailing list