Why can't I force a specific cipher with the openssl app with TLS 1.3?
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Nov 15 09:43:26 UTC 2019
> On Nov 15, 2019, at 4:25 AM, Matt Caswell <matt at openssl.org> wrote:
>
> It might be nice if we added a new option "-pskmd" or similar which
> enabled you to specify the md from the command line without having to
> have a session file first. However that isn't currently possible.

With a saved session there may actually be enough key material to
arrive at non-trivial security. As it stands, the OP wrote:

> PSK=63ef2024b1
> openssl s_client -tls1_3 -psk $PSK -connect :4433 -ciphersuites TLS_AES_256_GCM_SHA384

That 40-bit PSK does not provide much security. I would hope that
"in real life" (simple tests aside) the PSKs will have non-trivial
entropy.
--
Viktor.
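
Added example, not part of the original message and not OpenSSL code: a Python sketch of the two points in this thread. It derives the TLS 1.3 external-PSK binder key per RFC 8446 section 7.1 to show that a PSK is tied to one hash (RFC 8446 defaults an external PSK to SHA-256 when no hash is set), and it rejects short PSKs such as the 40-bit one quoted above. The function names and the 128-bit floor are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

def hkdf_extract(hash_name, salt, ikm):
    return hmac.new(salt, ikm, hash_name).digest()

def hkdf_expand_label(hash_name, secret, label, context, length):
    # HkdfLabel: uint16 length, then length-prefixed "tls13 " + label and context.
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    # A single HMAC block is enough because length <= HashLen here.
    return hmac.new(secret, info + b"\x01", hash_name).digest()[:length]

def early_secret(psk, hash_name):
    # Early Secret = HKDF-Extract(salt = HashLen zero bytes, IKM = PSK)
    hash_len = hashlib.new(hash_name).digest_size
    return hkdf_extract(hash_name, bytes(hash_len), psk)

def ext_binder_key(psk, hash_name):
    # binder_key = Derive-Secret(Early Secret, "ext binder", "")
    hash_len = hashlib.new(hash_name).digest_size
    empty_hash = hashlib.new(hash_name, b"").digest()
    return hkdf_expand_label(hash_name, early_secret(psk, hash_name),
                             b"ext binder", empty_hash, hash_len)

def psk_max_entropy_bits(psk_hex):
    # Upper bound only: a hex PSK cannot hold more entropy than its length.
    return len(bytes.fromhex(psk_hex)) * 8

def check_psk(psk_hex, min_bits=128):
    # min_bits=128 is an assumed policy floor, not a value from the thread.
    bits = psk_max_entropy_bits(psk_hex)
    if bits < min_bits:
        raise ValueError(f"PSK holds at most {bits} bits, need >= {min_bits}")
    return bits

if __name__ == "__main__":
    psk_hex = secrets.token_hex(32)  # 256 random bits for -psk
    print("usable PSK bits:", check_psk(psk_hex))
    psk = bytes.fromhex(psk_hex)
    # The binder key differs per hash, so both peers must agree on the PSK's
    # hash before a SHA-384 ciphersuite can be used with that PSK.
    print("sha256 binder key:", ext_binder_key(psk, "sha256").hex())
    print("sha384 binder key:", ext_binder_key(psk, "sha384").hex())
    try:
        check_psk("63ef2024b1")  # the PSK quoted in the thread
    except ValueError as err:
        print("rejected:", err)
```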