[openssl-users] TLS 1.3 PSK test server setup

Hubert Kario hkario at redhat.com
Wed Feb 14 19:39:45 UTC 2018

How to start current master branch OpenSSL so that it will support static PSK 
key exchange in TLS1.3?

with client running as:
openssl s_client -psk 

I've tried:
openssl s_server -psk 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -nocert

that produces
139823110240000:error:14201076:SSL routines:tls_choose_sigalg:no suitable 
signature algorithm:ssl/t1_lib.c:2433:
and a handshake_failure alert sent to client

and I've also tried
openssl s_server -psk 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -cert 
cert.pem -key key.pem
(where cert and key pem are just self signed RSA cert and key)

that establishes a TLS1.3 connection, but the ServerHello does not include 
pre_shared_key extension, just 43 (selected version) and 51 (key share), so 
the PSK mode was not used

connecting with s_client -tls1_2 a PSK cipher is selected (DHE-PSK-AES256-GCM-
SHA384) and in TLS1.3 I see both the pre_shared_key extension and the 
psk_key_exchange_modes extension in client hello, so I'm really confused why 
it doesn't work.

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180214/6de391ac/attachment.sig>

More information about the openssl-users mailing list