[openssl-users] PSK generation for TLS 1.3

Neetish Pathak npathak2 at ncsu.edu
Mon Jul 3 21:24:49 UTC 2017

On Mon, Jul 3, 2017 at 2:11 AM, Matt Caswell <matt at openssl.org> wrote:

> On 30/06/17 22:18, Neetish Pathak wrote:
> > Hi All,
> > Can anyone provide me pointers on how we can generate an external PSK to be
> > used in TLS 1.3?
> >
> > When I save a session using SSL_CTX_sess_set_new_cb(), it provides an
> > in-band PSK for next resumption connection.
> > I use PEM_write_bio_SSL_SESSION to save the session.
> >
> >
> > How do we use PSK externally? Can I use the same session file which was
> > saved during in-band connection? I believe in case of an external PSK,
> > both client and server should have a copy in advance.
> Yes, you can do if you want - like you said you just need to make sure
> that the session file is used on both the client and the server.
> Alternatively you can "create" a new session file, e.g.
> s_server/s_client do it like this:
>         usesess = SSL_SESSION_new();
>         if (usesess == NULL
>                 || !SSL_SESSION_set1_master_key(usesess, key, key_len)
>                 || !SSL_SESSION_set_cipher(usesess, cipher)
>                 || !SSL_SESSION_set_protocol_version(usesess,
>                                                      TLS1_3_VERSION)) {
>             OPENSSL_free(key);
>             goto err;
>         }

Thanks Matt. This is quite useful.
Just to clarify my understanding based on your comments, the OpenSSL code and
the Draft for TLS 1.3/RFC for TLS 1.2, please help me with the following queries:

1) So, when using an external PSK (by creating the new session file), the client
should mandatorily use SSL_CTX_set_psk_use_session_callback while the server
should mandatorily use SSL_CTX_set_psk_find_session_callback.
They both should use a common key (psk_key) to generate the new session
file, and this common key is the one shared in advance with both client and
server. From the OpenSSL code, this key is used as char * type. So does it
mean that any pre-decided string can be used as a key and it does not need
any format etc.? Both client and server create sessions based on the key and
connect based on the created session?
In one of the examples, strspn(psk_key, "abcdefABCDEF1234567890") is
used. So, I believe I can use any hex value string of my choice as psk_key.

2) Also, from the man page, I found that PSKs are used in TLS 1.2 and lower
versions too and SSL_CTX_set_psk_server_callback and
are used to set callback there. The PSK identity and pre-shared key are set
there, which can be used during the connection. It is also written that
these values are required when using PSK cipher-suites. So, is my
understanding correct that the role of PSK in versions <= TLS 1.2 is only for
using PSK ciphersuites (e.g. ECDHE-PSK-AES256-CBC-SHA384) and does not have
anything to do with session resumption and thereby does not provide any
performance enhancement?
Also, these PSK-type ciphersuites are no longer valid for TLS 1.3.


> Matt
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
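
An added example, not part of the original message and not OpenSSL's own code: it assumes the shared key is given as a hex string, as the strspn() check mentioned in question 1 suggests, and decodes it into the raw bytes that would be passed as key and key_len to SSL_SESSION_set1_master_key in the quoted snippet. The names psk_hex_decode, hex_nibble and the psk_err codes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Same alphabet as the strspn() check quoted in the message above. */
#define PSK_HEX_CHARS "abcdefABCDEF1234567890"

enum psk_err { PSK_OK = 0, PSK_EMPTY, PSK_NOT_HEX, PSK_ODD_LENGTH, PSK_TOO_LONG };

/* Value of one hex digit; the caller has already validated the character. */
static unsigned char hex_nibble(char c)
{
    if (c >= '0' && c <= '9')
        return (unsigned char)(c - '0');
    if (c >= 'a' && c <= 'f')
        return (unsigned char)(c - 'a' + 10);
    return (unsigned char)(c - 'A' + 10);
}

/*
 * Hypothetical helper: decode a hex PSK string into raw key bytes.
 * On PSK_OK, out[0..*out_len) holds the bytes that client and server
 * must both use as (key, key_len) when building their SSL_SESSION.
 * Any other return value leaves *out_len at 0.
 */
enum psk_err psk_hex_decode(const char *hex, unsigned char *out,
                            size_t out_cap, size_t *out_len)
{
    size_t n, i;

    *out_len = 0;
    if (hex == NULL || (n = strlen(hex)) == 0)
        return PSK_EMPTY;
    if (strspn(hex, PSK_HEX_CHARS) != n)   /* a character outside the set */
        return PSK_NOT_HEX;
    if (n % 2 != 0)                        /* two hex digits per key byte */
        return PSK_ODD_LENGTH;
    if (n / 2 > out_cap)                   /* would overflow caller's buffer */
        return PSK_TOO_LONG;
    for (i = 0; i < n; i += 2)
        out[i / 2] = (unsigned char)((hex_nibble(hex[i]) << 4)
                                     | hex_nibble(hex[i + 1]));
    *out_len = n / 2;
    return PSK_OK;
}
```

Under this assumption, a constructed input such as "1a2B3c4D" yields the four bytes 1a 2b 3c 4d regardless of letter case, while a passphrase such as "secret" is rejected because it is not hex.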