Using PSKs with openssl app.

Phil Neumiller pneumiller at directstream.com
Tue Nov 12 22:53:59 UTC 2019


H,

This is my method for using external PSKs with the openssl tool.  Does this
appear correct?  The application darta seems to be exchanged and if I change
a PSK it will fail.  I *think* this is correct...

Server side:

PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b 
openssl s_server -accept 8400  -tls1_3  -nocert -psk $PSK -ciphersuites
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Client side:

PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b
openssl s_client -connect 127.0.0.1:8400 -tls1_3 -psk $PSK -tlsextdebug

Here are the hello messages that are exchanged:

TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 282
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 278
        Version: TLS 1.2 (0x0303)
        Random: d9cd1e44a462699f2a2f794a7fb3dd129b183d3c22183bab…
        Session ID Length: 32
        Session ID: 5525acf9be6afd90e7a7853405157bc21cda45bd708a65f9…
        Cipher Suites Length: 8
        Cipher Suites (4 suites)
        Compression Methods Length: 1
        Compression Methods (1 method)
        Extensions Length: 197
        Extension: ec_point_formats (len=4)
            Type: ec_point_formats (11)
            Length: 4
            EC point formats Length: 3
            Elliptic curves point formats (3)
        Extension: supported_groups (len=22)
            Type: supported_groups (10)
            Length: 22
            Supported Groups List Length: 20
            Supported Groups (10 groups)
        Extension: session_ticket (len=0)
            Type: session_ticket (35)
            Length: 0
            Data (0 bytes)
        Extension: encrypt_then_mac (len=0)
            Type: encrypt_then_mac (22)
            Length: 0
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0
        Extension: signature_algorithms (len=30)
            Type: signature_algorithms (13)
            Length: 30
            Signature Hash Algorithms Length: 28
            Signature Hash Algorithms (14 algorithms)
        Extension: supported_versions (len=3)
            Type: supported_versions (43)
            Length: 3
            Supported Versions length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: psk_key_exchange_modes (len=2)
            Type: psk_key_exchange_modes (45)
            Length: 2
            PSK Key Exchange Modes Length: 1
            PSK Key Exchange Mode: PSK with (EC)DHE key establishment
(psk_dhe_ke) (1)
        Extension: key_share (len=38)
            Type: key_share (51)
            Length: 38
            Key Share extension
                Client Key Share Length: 36
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange:
eb7a84e24c88e64c0032bbdba0485281702c7929d72d1417…
        Extension: pre_shared_key (len=58)
            Type: pre_shared_key (41)
            Length: 58
            Pre-Shared Key extension
                Identities Length: 21
                PSK Identity (length: 15)
                PSK Binders length: 33
                PSK Binders


TLSv1.3 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 128
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 124
        Version: TLS 1.2 (0x0303)
        Random: 4b491c81e70b2ded5bb9d922009b9d8579f9c4415f067f9b…
        Session ID Length: 32
        Session ID: 5525acf9be6afd90e7a7853405157bc21cda45bd708a65f9…
        Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
        Compression Method: null (0)
        Extensions Length: 52
        Extension: supported_versions (len=2)
            Type: supported_versions (43)
            Length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: key_share (len=36)
            Type: key_share (51)
            Length: 36
            Key Share extension
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange:
33f67b055f03bb7ce049dc4cb338569d015acc5911f3c55f…
        Extension: pre_shared_key (len=2)
            Type: pre_shared_key (41)
            Length: 2
            Pre-Shared Key extension
                Selected Identity: 0


Here is the client output:

➜  scripts git:(working) ✗ ./client  
CONNECTED(00000003)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04                                             ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 cd c7 59 0b-f3 98 90 e0 34 bc 01 32   ... ..Y.....4..2
0010 - ed 86 cd 9c 9e e4 89 be-fe 3a 57 d0 68 c7 e5 5f   .........:W.h.._
0020 - fc c1 f5 2f                                       .../
TLS server extension "psk" (id=41), len=2
0000 - 00 00                                             ..
Can't use SSL_get_servername
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 225 bytes and written 351 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_CHACHA20_POLY1305_SHA256
    Session-ID:
CA31612F1DF0EC3BCF9CB77641FBB9C9E52DDD60E87DDB213D33B5A80B8AB1CD
    Session-ID-ctx: 
    Resumption PSK:
9BB195D4013A7B45176BD1B0BA04B9EF782E03F678A5373B68C659D24C06DCD7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 304 (seconds)
    TLS session ticket:
    0000 - b2 b7 8d 84 0b 3c d7 9f-35 d1 2a a3 0a 1b 64 1f  
.....<..5.*...d.
    0010 - ba 0c b3 83 5e 3c 8b 83-3c 2a e3 f8 63 7b d7 0b  
....^<..<*..c{..
    0020 - 18 40 db 63 1e f7 df f4-2d 95 42 b8 08 be 47 2a  
. at .c....-.B...G*
    0030 - 75 5c 1f df 5f 0c ea 54-ec 9b e6 20 1c 74 d9 20   u\.._..T... .t. 
    0040 - a9 5c af 29 5f 8a cf 12-03 7c ef 4a b8 3f fe 04  
.\.)_....|.J.?..
    0050 - 49 cc 6d eb 18 3b c8 86-0b b9 ba 41 83 2d f8 da  
I.m..;.....A.-..
    0060 - 0d 16 68 f9 7e d9 e6 69-e2 6e e5 77 2e 9c 0a 1a  
..h.~..i.n.w....
    0070 - a4 3f b0 9d f4 f2 f4 67-13 22 b6 ac 94 0a dc b5  
.?.....g."......
    0080 - cf 0f b8 39 cb 64 00 42-6f 8f 03 b2 be c9 3b 13  
...9.d.Bo.....;.
    0090 - a7 a0 de e7 0c 29 d5 0e-2e 2d be 5e a4 a7 37 00  
.....)...-.^..7.
    00a0 - 00 4e c5 a8 e5 dd 31 ad-20 27 c9 b1 cd 57 ec c1   .N....1.
'...W..
    00b0 - b3 35 05 9b 2f ee 12 54-f7 2e 2f 65 d0 d5 5e d9  
.5../..T../e..^.

    Start Time: 1573598575
    Timeout   : 304 (sec)
    Verify return code: 1 (unspecified certificate verification error)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
213

➜  scripts git:(working) ✗ ./server2  
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHICAQECAgMEBAITAwQgq58EYhoHgoCQ2c5Vu6JK/6a4jSyMsKtSOaQkgy5Of/0E
IHEPU755SzYf7LVKFCel24+y2MYbjtZtJ/3ftEuPWyM3oQYCBF3LNRmiBAICATCk
BgQEAQAAAKUDAgEBrgYCBAGzBnI=
-----END SSL SESSION PARAMETERS-----
Shared
ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Supported Elliptic Groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared Elliptic groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_CHACHA20_POLY1305_SHA256
Reused session-id
Secure Renegotiation IS supported
ERROR
shutting down SSL
CONNECTION CLOSED
ERROR
C0:D5:15:08:01:00:00:00:error:SSL routines::binder does not
verify:ssl/statem/extensions.c:1614:
shutting down SSL
CONNECTION CLOSED
ERROR
C0:D5:15:08:01:00:00:00:error:SSL routines::binder does not
verify:ssl/statem/extensions.c:1614:
shutting down SSL
CONNECTION CLOSED
-----BEGIN SSL SESSION PARAMETERS-----
MHICAQECAgMEBAITAwQgGCCjChaAp/rv2yYw7BCn3x6AZy5JZocHzEhop5K0K3EE
IJuxldQBOntFF2vRsLoEue94LgP2eKU3O2jGWdJMBtzXoQYCBF3LNW+iBAICATCk
BgQEAQAAAKUDAgEBrgYCBDTrhfY=
-----END SSL SESSION PARAMETERS-----
Shared
ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Supported Elliptic Groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared Elliptic groups:
X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_CHACHA20_POLY1305_SHA256
Reused session-id
Secure Renegotiation IS supported
213






-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html


More information about the openssl-users mailing list