[openssl-users] TLS 1.3 PSK test server setup

Matt Caswell matt at openssl.org
Wed Feb 14 23:14:05 UTC 2018

On 14/02/18 19:39, Hubert Kario wrote:
> How to start current master branch OpenSSL so that it will support static PSK 
> key exchange in TLS1.3?
> with client running as:
> openssl s_client -psk 
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> I've tried:
> openssl s_server -psk 
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -nocert
> that produces
> 139823110240000:error:14201076:SSL routines:tls_choose_sigalg:no suitable 
> signature algorithm:ssl/t1_lib.c:2433:
> and a handshake_failure alert sent to client
> and I've also tried
> openssl s_server -psk 
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa -cert 
> cert.pem -key key.pem
> (where cert and key pem are just self signed RSA cert and key)

For a PSK to be used in needs to be the correct length for the selected
ciphersuite. The ciphersuite is selected *first*. Next the available
PSKs are checked to see if they are usable with that ciphersuite.

By default s_client talking to s_server will select
TLS13-AES-256-GCM-SHA384. Because this is based on SHA384 we need a key
which is 48 bytes long (96 hex digits). Your key is 32 bytes long (64
hex digits) so the PSK is ignored.


More information about the openssl-users mailing list