PSK with TLSv1.3

Johannes Bauer dfnsonfsduifb at
Wed Oct 23 11:32:19 UTC 2019

On 23.10.19 11:24, Johannes Bauer wrote:

> All error checking omitted for now, this is obviously just a sample.
> When I try to connect to my server on the command line using s_client:
> $ openssl s_client -connect -psk_identity foo -psk 001122
> The server pukes:
> PSK server SSL 0x623000000100 identity foo len 3 sess (nil)
> 139933268309760:error:141F906E:SSL routines:tls_parse_ctos_psk:bad
> extension:../ssl/statem/extensions_srvr.c:1267:
> And I have no idea what that's supposed to mean.

One step further... I've peeked at s_server.c and copied some of that
code. I.e., concretely I now am at:

const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
const SSL_CIPHER *cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
if (!cipher) {
	return 0;
SSL_SESSION_set_cipher(sess, cipher);

But, uhm... this is positively terrifying code. Is this how it's
supposed to look, i.e., hard-coded magic numbers in the application?! Or
is that just the route s_server took and there's a preferred, better way?

In any case, while it throws a different error message now, it still
does not work:

PSK server SSL 0x62300000fd00 identity foo len 3 sess (nil)
140710464452352:error:14201076:SSL routines:tls_choose_sigalg:no
suitable signature algorithm:../ssl/t1_lib.c:2649:

I've never in the setup limited the signature algorithms and s_client
does not, either (when I peek at the ClientHello it advertises a whole
bunch of signature algorithms).

Any advice?
Thank you,

More information about the openssl-users mailing list