PSK with TLSv1.3

Matt Caswell matt at openssl.org
Wed Oct 23 19:09:55 UTC 2019



On 23/10/2019 12:32, Johannes Bauer wrote:
> One step further... I've peeked at s_server.c and copied some of that
> code. I.e., concretely I now am at:
> 
> const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
> const SSL_CIPHER *cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
> if (!cipher) {
> 	return 0;
> }
> SSL_SESSION_set_cipher(sess, cipher);
> 
> But, uhm... this is positively terrifying code. Is this how it's
> supposed to look, i.e., hard-coded magic numbers in the application?! Or
> is that just the route s_server took and there's a preferred, better way?

Unfortunately the only way we have for getting hold of a single
SSL_CIPHER object is to use the SSL_CIPHER_find() function. You can also
get the list of ciphers configured for a particular SSL object or
SSL_CTX... but that's an even worse way of getting hold of a single
SSL_CIPHER. It would be nice to have a function to get hold of an
SSL_CIPHER based on its name and a function to get hold of one based on
its id as defined in the tls1.h, e.g. TLS1_3_CK_AES_256_GCM_SHA384 - but
at the moment such a function doesn't exist.


> 
> In any case, while it throws a different error message now, it still
> does not work:
> 
> PSK server SSL 0x62300000fd00 identity foo len 3 sess (nil)
> 140710464452352:error:14201076:SSL routines:tls_choose_sigalg:no
> suitable signature algorithm:../ssl/t1_lib.c:2649:
> 
> I've never in the setup limited the signature algorithms and s_client
> does not, either (when I peek at the ClientHello it advertises a whole
> bunch of signature algorithms).

Since you're using PSKs I'm guessing you haven't set up a certificate.
If no suitable PSK has been found then OpenSSL will press ahead and
attempt to do an "initial" handshake with a certificate. It gets so far
and attempts to find a signature algorithm to use that is in the list of
signature algorithms presented by the client, as well as in the list of
signature algorithms configured for the server, and *also* is suitable
for use with one of the certificates configured for use by the server.
If there are no certificates configured then there is no signature
algorithm that can match these criteria, and you will get this error
message.

Matt


