[EXTERNAL] RE: Can OpenSSL handle multiple authentication mechanisms on the same SSL context?

[Revestual, Raffy [AUTOSOL/PSS/MNL]]

Thanks for the reply Michel! Looks like both SRP and PSK could co-exist on the same context.

I also just got this to work. The only quirk that made this work is that I had to set the maximum version of the TLS version to 1.2 from the client side via SSL_CTX_set_max_proto_version. This was a peculiar thing as if the binaries you're using has TLS 1.3 support( I'm on 1.1.1k and knowing SRP doesn't work anymore in 1.3) this might have messed something along the way.

Raffy

From: Michel <michel.sales at OnLine.fr>
Sent: Sunday, June 27, 2021 6:20 AM
To: openssl-users at openssl.org
Cc: Revestual, Raffy [AUTOSOL/PSS/MNL] <Raffy.Revestual at Emerson.com>
Subject: [EXTERNAL] RE: Can OpenSSL handle multiple authentication mechanisms on the same SSL context?


> We are trying to support a server that would support PSK and SRP authentication mechanisms.
[...]
> Would multiple callbacks for different mechanisms work simultaneously on the same SSL context?

My quick answer is Yes.
In a recent past I did some [multi-threaded] servers using both SRP and PSK on the same context and I don't recall having encountered any problem.
I believe it was OpenSSL  1.1.1f using TLS 1.2 under Windows 32bits.

Hope it helps,

Michel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210627/ac05983c/attachment.html>