Differently named symbols between OpenSSL and RFC

Viktor Dukhovni openssl-users at dukhovni.org
Fri Nov 29 18:16:32 UTC 2019

On Thu, Nov 28, 2019 at 04:31:38PM -0800, J Decker wrote:

> from openssl/tls1.h 1.1.1b
> # define TLSEXT_TYPE_psk_kex_modes               45

This was added in 1.1.1-dev.

> pre_shared_key(41), psk_key_exchange_modes(45), are what the names should be
> based on, and that OpenSSL's definition is also inaccurate
>  TLSEXT_TYPE_psk_kex_modes
> instead of 'pre_shared_key' and 'key_exchange_modes'

The TLS RFCs do not define an API, they only define a wire protocol.

Implementations are free to use whatever names they see fit for the various RFC
code-points.  OpenSSL chose to abbreviate "key_exchange" to "kex" and
"pre_shared_key" to "psk".  The LibreSSL maintainers are free to make their own


More information about the openssl-users mailing list