Re: TLS 1.3 PSK test server setup

On 14/02/18 23:33, Viktor Dukhovni wrote:
> 
> 
>> On Feb 14, 2018, at 6:14 PM, Matt Caswell <matt@xxxxxxxxxxx> wrote:
>>
>> For a PSK to be used it needs to be the correct length for the selected
>> ciphersuite. The ciphersuite is selected *first*. Next the available
>> PSKs are checked to see if they are usable with that ciphersuite.
> 
> Is that (choosing the cipher first) correct behaviour?  If the server
> is given a specific certificate it limits its ciphers to those that
> are compatible with the certificate's public key. It seems to me that
> "-psk" should not be different.  If we are doing PSK, we should likely
> filter the ciphers to those that work with the supplied PSK first.
> 

As pointed out by Hubert in #5378 this is in accordance with the
recommendations in the spec:

   "Implementor's note: the most straightforward way to implement the
   PSK/cipher suite matching requirements is to negotiate the cipher
   suite first and then exclude any incompatible PSKs.  Any unknown PSKs
   (e.g., they are not in the PSK database or are encrypted with an
   unknown key) SHOULD simply be ignored.  If no acceptable PSKs are
   found, the server SHOULD perform a non-PSK handshake if possible."


Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
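
The selection order discussed in this thread (cipher suite first, then exclusion of incompatible PSKs, then fallback to a non-PSK handshake), as an added example that is not part of the original message and is not OpenSSL code. All names and sample data are hypothetical, and compatibility is modelled as a match between the hash associated with the PSK and the hash of the chosen suite, which is an assumption; the message above describes the requirement in terms of PSK length.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not OpenSSL code: every name below is hypothetical. */
typedef enum { H_SHA256, H_SHA384 } hash_t;
typedef struct { const char *name; hash_t hash; } suite_t;
typedef struct { const char *identity; hash_t hash; } psk_t;

/* Server cipher suite preference order (constructed). */
static const suite_t SERVER_SUITES[] = {
    { "TLS_AES_256_GCM_SHA384", H_SHA384 },
    { "TLS_AES_128_GCM_SHA256", H_SHA256 },
};
/* Server PSK database (constructed): one PSK tied to SHA-256 (assumption). */
static const psk_t PSK_DB[] = { { "test-psk", H_SHA256 } };

/* Constructed client offers and PSK identities. */
static const char *OFFER_BOTH[] = { "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384" };
static const char *OFFER_128[]  = { "TLS_AES_128_GCM_SHA256" };
static const char *CLIENT_IDS[] = { "stale-ticket", "test-psk" };

/* Step 1: first server-preferred suite that the client also offered. */
const suite_t *select_suite(const char **offered, size_t n)
{
    for (size_t i = 0; i < sizeof SERVER_SUITES / sizeof *SERVER_SUITES; i++)
        for (size_t j = 0; j < n; j++)
            if (strcmp(SERVER_SUITES[i].name, offered[j]) == 0)
                return &SERVER_SUITES[i];
    return NULL;
}

/* Step 2: index of the first offered identity that is known and matches the
 * chosen suite's hash. Unknown identities are skipped; -1 means fall back to
 * a non-PSK handshake. */
int select_psk(const suite_t *suite, const char **ids, size_t n)
{
    for (size_t i = 0; i < n; i++)
        for (size_t k = 0; k < sizeof PSK_DB / sizeof *PSK_DB; k++)
            if (strcmp(PSK_DB[k].identity, ids[i]) == 0 &&
                PSK_DB[k].hash == suite->hash)
                return (int)i;
    return -1;
}

int main(void)
{
    const suite_t *s = select_suite(OFFER_BOTH, 2);
    printf("%s psk=%d\n", s->name, select_psk(s, CLIENT_IDS, 2));
    s = select_suite(OFFER_128, 1);
    printf("%s psk=%d\n", s->name, select_psk(s, CLIENT_IDS, 2));
    return 0;
}
```

In the first constructed offer the server's preferred suite wins before any PSK is examined, so the SHA-256 PSK is excluded and the handshake proceeds without it; when only the SHA-256 suite is offered, the same PSK is accepted.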
