<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Jul 3, 2017 at 2:11 AM, Matt Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-"><br>
<br>
On 30/06/17 22:18, Neetish Pathak wrote:<br>
> Hi All,<br>
> Can anyone provide me pointers on how can we generate external PSK to be<br>
> used inTLS 1.3.<br>
><br>
> When I save a a session using SSL_CTX_sess_set_new_cb(), it provides an<br>
> in-band PSK for next resumption connection.<br>
> I use PEM_write_bio_SSL_SESSION to save the session.<br>
><br>
><br>
> How do we use PSK externally. Can I use the same session file which was<br>
> saved during in-band connection. I believe in case of an external PSK,<br>
> both client and server should have a copy in advance.<br>
<br>
</span>Yes, you can do if you want - like you said you just need to make sure<br>
that the session file is used on both the client and the server.<br>
Alternatively you can "create" a new session file, e.g.<br>
s_server/s_client do it like this:<br>
<br>
usesess = SSL_SESSION_new();<br>
if (usesess == NULL<br>
|| !SSL_SESSION_set1_master_key(<wbr>usesess, key, key_len)<br>
|| !SSL_SESSION_set_cipher(<wbr>usesess, cipher)<br>
|| !SSL_SESSION_set_protocol_<wbr>version(usesess,<br>
TLS1_3_VERSION)) {<br>
OPENSSL_free(key);<br>
goto err;<br>
}<br>
<span class="gmail-HOEnZb"><font color="#888888"><br>
<br></font></span></blockquote><div>Thanks Matt. This is quite useful.</div><div>Just to clarify my understanding based on your comments, OpenSSL code and Draft for TLS 1.3/RFC for TLS1.2, please help me with following queries</div><div><br></div><div>1) So, when using external PSK (by creating the new session file), client should mandatorily use <span style="font-family:Courier;font-size:14px">SSL_CTX_set_psk_use_session_callback while server should mandatorily use </span><span style="font-family:Courier;font-size:14px">SSL_CTX_set_psk_find_session_callback.</span></div><div><span style="font-family:Courier;font-size:14px">They both should use a common key (psk_key) to generate the new session file and this common key is the one shared in advance to both client and server. From the OpenSSL code, this key is used as char * type. So does it mean that any pre-decided string can be used as a key and it does not need any format etc. Both client and server create sessions based on the key and connect based on the created session?</span></div><div><span style="font-family:Courier;font-size:14px">In one of the examples, </span><span class="gmail-s1" style="font-family:Courier;font-size:14px"><b>strspn</b></span><span class="gmail-s2" style="font-family:Courier;font-size:14px">(psk_key, </span><span style="color:rgb(57,51,255);font-family:Courier;font-size:14px">"abcdefABCDEF1234567890"</span><span class="gmail-s2" style="font-family:Courier;font-size:14px">) is used. So, I believe I can use any hex value string of my choice as psk_key.</span></div>
<div><span style="font-family:Courier;font-size:14px"><br></span></div><div><span style="font-family:Courier;font-size:14px"><br></span></div><div><span style="font-family:Courier;font-size:14px">2) Also, from the man page , I found that PSK are used in TLS1.2 and lower versions too and </span><span style="font-family:Courier;font-size:14px">SSL_CTX_set_psk_server_callback and </span><span style="font-family:Courier;font-size:14px">SSL_CTX_set_psk_client_callback are used to set callback there. PSK identity and Pre shared key is set there which can be used during the connection. It is also written that these values are required when using PSK cipher-suites. So, is my understanding correct that the role of PSK in version <= TLS1.2 is only for using PSK ciphersuites (e.g: </span><span style="font-variant-ligatures:no-common-ligatures;color:rgb(0,0,0);font-family:Menlo;font-size:11px">ECDHE-PSK-AES256-CBC-SHA384</span><span style="font-family:Courier;font-size:14px">) and do not have anything to do with session resumption and thereby do not provide any performance enhancement.</span></div><div><span style="font-family:Courier;font-size:14px">Also, this PSK type ciphersuites are no longer valid for TLS 1.3.</span></div><div><span style="font-family:Courier;font-size:14px"><br></span></div><div><span style="font-family:Courier;font-size:14px"><br></span></div><div><span style="font-family:Courier;font-size:14px">Thanks</span></div><div><span style="font-family:Courier;font-size:14px">BR,</span></div><div><span style="font-family:Courier;font-size:14px">Neetish</span></div>
<div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="gmail-HOEnZb"><font color="#888888">
Matt<br>
<br>
<br>
--<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/<wbr>mailman/listinfo/openssl-users</a><br>
</font></span></blockquote></div><br></div></div>