<div dir="ltr">Benjamin/Matt,<div>Appreciate your tips and help so far.</div><div>Could you give me any pointers for placing my timestamps within the OpenSSl code for right measurement for handshake. I am reading through the master code. I think since in TLS 1.3 is session tickets are sent after handshake, it would be ok to place a timestamp in the <b style="font-family:Courier;font-size:14px">ossl_statem_server_pre_work </b><span style="font-family:Courier;font-size:14px">function before</span><b style="font-family:Courier;font-size:14px"> </b><b style="font-family:Courier;font-size:14px">tls_finish_handshake</b><font face="Courier"><span style="font-size:14px"> is called (This function is in state_srvr.c which updates the stjatemachine I think). <b>It is only called for TLS 1.3</b></span></font><b style="font-family:Courier;font-size:14px"> </b></div><div><font face="Courier"><b><span style="font-size:14px">But I do not see any significant change when I put a timestamp here or at the end of SSL_accept on my server application program.</span></b></font></div><div><font face="Courier"><b><span style="font-size:14px">Any help for the right location of time stamps will be appreciated.</span></b></font></div><div><br></div><div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(3,38,204)"><span style="color:rgb(0,0,0)"> </span><span style="color:rgb(147,26,104)"><b>case</b></span><span style="color:rgb(0,0,0)"> </span><i>TLS_ST_SW_SESSION_TICKET</i><span style="color:rgb(0,0,0)">:</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> <span style="color:rgb(147,26,104)"><b>if</b></span> (SSL_IS_TLS13(s)) {</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> <span style="color:rgb(78,144,114)">/*</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> * Actually this is the end of the handshake, but we're going</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> * straight into writing the session ticket out. So we finish off</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> * the handshake, but keep the various buffers active.</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> */</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)">/***************************End time stamp*****************************************************/</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span></span><span style="color:rgb(147,26,104)"><b>struct</b></span><span style="color:rgb(34,34,34)"> timespec end;</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span style="color:rgb(121,61,147)"><b>clock_gettime</b></span>(CLOCK_MONOTONIC_RAW, &end);</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> <span style="color:rgb(0,97,65)">uint64_t</span> tempTimeEnd = end.<span style="color:rgb(3,38,204)">tv_nsec</span> / 1000;</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"> <span class="gmail-Apple-tab-span" style="white-space:pre"> </span> </span><span style="color:rgb(121,61,147)"><b>printf</b></span><span style="color:rgb(0,0,0)">(</span>"Handshake End time : %<span style="text-decoration:underline">llu</span> \n"<span style="color:rgb(0,0,0)">, tempTimeEnd);</span></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(57,51,255)"><span style="color:rgb(0,0,0)"><span class="gmail-Apple-tab-span" style="white-space:pre"><br></span></span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> <span style="color:rgb(147,26,104)"><b>return</b></span> tls_finish_handshake(s, wst, 0);</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> } <span style="color:rgb(147,26,104)"><b>if</b></span> (SSL_IS_DTLS(s)) {</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> <span style="color:rgb(78,144,114)">/*</span></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> * We're into the last flight. We don't retransmit the last flight</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> * unless we need to, so we don't use the timer</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(78,144,114)"> */</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> st-><span style="color:rgb(3,38,204)">use_timer</span> = 0;</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"> }</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier"><br></p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">Thanks</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">BR,</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier">Neetish</p></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 16, 2017 at 5:54 PM, Benjamin Kaduk via openssl-users <span dir="ltr"><<a href="mailto:openssl-users@openssl.org" target="_blank">openssl-users@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"><span class="">
On 06/16/2017 05:36 PM, Matt Caswell wrote:<br>
<blockquote type="cite">
<blockquote type="cite" style="color:#000000">
<pre>The security properties of such "external" PSKs are substantially
different than the "ephemeral" PSKs used in resumption flows.
</pre>
</blockquote>
<pre>Ben - Even external PSKs incorporate an ephemeral, per connection, ECDHE
based secret (assuming a suitable kex_mode is used). What do you see as
the concern?</pre>
</blockquote>
<br></span>
The risk of accidentally using psk_ke instead of psk_dhe_ke is
noticeable, and in terms of concrete differences, there are
additional requirements on external PSKs that the KDF and PSK
identity must remain fixed across uses. That, combined with the
potential for insufficient entropy during key generation (mentioned
in section 2.2 of draft-20) seem to provide more openings for
cryptographic attacks than for the full resumption flow. It is
probably fine for uses where the other properties of external PSKs
are needed, but I'm not sure that the risk/reward balance favors
using it just to get a speedup -- TLS 1.3 resumption should already
be pretty fast.<br>
<br>
-Ben<br>
</div>
<br>--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
<br></blockquote></div><br></div>