Hi,

This is my method for using external PSKs with the openssl tool. Does this appear correct? The application data seems to be exchanged, and if I change a PSK it will fail. I *think* this is correct...

Server side:

    PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b
    openssl s_server -accept 8400 -tls1_3 -nocert -psk $PSK -ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

Client side:

    PSK=b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b
    openssl s_client -connect 127.0.0.1:8400 -tls1_3 -psk $PSK -tlsextdebug

Here are the hello messages that are exchanged:

TLSv1.3 Record Layer: Handshake Protocol: Client Hello
    Content Type: Handshake (22)
    Version: TLS 1.0 (0x0301)
    Length: 282
    Handshake Protocol: Client Hello
        Handshake Type: Client Hello (1)
        Length: 278
        Version: TLS 1.2 (0x0303)
        Random: d9cd1e44a462699f2a2f794a7fb3dd129b183d3c22183bab…
        Session ID Length: 32
        Session ID: 5525acf9be6afd90e7a7853405157bc21cda45bd708a65f9…
        Cipher Suites Length: 8
        Cipher Suites (4 suites)
        Compression Methods Length: 1
        Compression Methods (1 method)
        Extensions Length: 197
        Extension: ec_point_formats (len=4)
            Type: ec_point_formats (11)
            Length: 4
            EC point formats Length: 3
            Elliptic curves point formats (3)
        Extension: supported_groups (len=22)
            Type: supported_groups (10)
            Length: 22
            Supported Groups List Length: 20
            Supported Groups (10 groups)
        Extension: session_ticket (len=0)
            Type: session_ticket (35)
            Length: 0
            Data (0 bytes)
        Extension: encrypt_then_mac (len=0)
            Type: encrypt_then_mac (22)
            Length: 0
        Extension: extended_master_secret (len=0)
            Type: extended_master_secret (23)
            Length: 0
        Extension: signature_algorithms (len=30)
            Type: signature_algorithms (13)
            Length: 30
            Signature Hash Algorithms Length: 28
            Signature Hash Algorithms (14 algorithms)
        Extension: supported_versions (len=3)
            Type: supported_versions (43)
            Length: 3
            Supported Versions length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: psk_key_exchange_modes (len=2)
            Type: psk_key_exchange_modes (45)
            Length: 2
            PSK Key Exchange Modes Length: 1
            PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1)
        Extension: key_share (len=38)
            Type: key_share (51)
            Length: 38
            Key Share extension
                Client Key Share Length: 36
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange: eb7a84e24c88e64c0032bbdba0485281702c7929d72d1417…
        Extension: pre_shared_key (len=58)
            Type: pre_shared_key (41)
            Length: 58
            Pre-Shared Key extension
                Identities Length: 21
                PSK Identity (length: 15)
                PSK Binders length: 33
                PSK Binders

TLSv1.3 Record Layer: Handshake Protocol: Server Hello
    Content Type: Handshake (22)
    Version: TLS 1.2 (0x0303)
    Length: 128
    Handshake Protocol: Server Hello
        Handshake Type: Server Hello (2)
        Length: 124
        Version: TLS 1.2 (0x0303)
        Random: 4b491c81e70b2ded5bb9d922009b9d8579f9c4415f067f9b…
        Session ID Length: 32
        Session ID: 5525acf9be6afd90e7a7853405157bc21cda45bd708a65f9…
        Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303)
        Compression Method: null (0)
        Extensions Length: 52
        Extension: supported_versions (len=2)
            Type: supported_versions (43)
            Length: 2
            Supported Version: TLS 1.3 (0x0304)
        Extension: key_share (len=36)
            Type: key_share (51)
            Length: 36
            Key Share extension
                Key Share Entry: Group: x25519, Key Exchange length: 32
                    Group: x25519 (29)
                    Key Exchange Length: 32
                    Key Exchange: 33f67b055f03bb7ce049dc4cb338569d015acc5911f3c55f…
        Extension: pre_shared_key (len=2)
            Type: pre_shared_key (41)
            Length: 2
            Pre-Shared Key extension
                Selected Identity: 0

Here is the client output:

➜ scripts git:(working) ✗ ./client
CONNECTED(00000003)
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04                                             ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 cd c7 59 0b-f3 98 90 e0 34 bc 01 32   ... ..Y.....4..2
0010 - ed 86 cd 9c 9e e4 89 be-fe 3a 57 d0 68 c7 e5 5f   .........:W.h.._
0020 - fc c1 f5 2f                                       .../
TLS server extension "psk" (id=41), len=2
0000 - 00 00                                             ..
Can't use SSL_get_servername
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 225 bytes and written 351 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256
Secure Renegotiation IS NOT supported
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_CHACHA20_POLY1305_SHA256
    Session-ID: CA31612F1DF0EC3BCF9CB77641FBB9C9E52DDD60E87DDB213D33B5A80B8AB1CD
    Session-ID-ctx:
    Resumption PSK: 9BB195D4013A7B45176BD1B0BA04B9EF782E03F678A5373B68C659D24C06DCD7
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 304 (seconds)
    TLS session ticket:
    0000 - b2 b7 8d 84 0b 3c d7 9f-35 d1 2a a3 0a 1b 64 1f   .....<..5.*...d.
    0010 - ba 0c b3 83 5e 3c 8b 83-3c 2a e3 f8 63 7b d7 0b   ....^<..<*..c{..
    0020 - 18 40 db 63 1e f7 df f4-2d 95 42 b8 08 be 47 2a   .@.c....-.B...G*
    0030 - 75 5c 1f df 5f 0c ea 54-ec 9b e6 20 1c 74 d9 20   u\.._..T... .t.
    0040 - a9 5c af 29 5f 8a cf 12-03 7c ef 4a b8 3f fe 04   .\.)_....|.J.?..
    0050 - 49 cc 6d eb 18 3b c8 86-0b b9 ba 41 83 2d f8 da   I.m..;.....A.-..
    0060 - 0d 16 68 f9 7e d9 e6 69-e2 6e e5 77 2e 9c 0a 1a   ..h.~..i.n.w....
    0070 - a4 3f b0 9d f4 f2 f4 67-13 22 b6 ac 94 0a dc b5   .?.....g."......
    0080 - cf 0f b8 39 cb 64 00 42-6f 8f 03 b2 be c9 3b 13   ...9.d.Bo.....;.
    0090 - a7 a0 de e7 0c 29 d5 0e-2e 2d be 5e a4 a7 37 00   .....)...-.^..7.
    00a0 - 00 4e c5 a8 e5 dd 31 ad-20 27 c9 b1 cd 57 ec c1   .N....1. '...W..
    00b0 - b3 35 05 9b 2f ee 12 54-f7 2e 2f 65 d0 d5 5e d9   .5../..T../e..^.
    Start Time: 1573598575
    Timeout   : 304 (sec)
    Verify return code: 1 (unspecified certificate verification error)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
213

➜ scripts git:(working) ✗ ./server2
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MHICAQECAgMEBAITAwQgq58EYhoHgoCQ2c5Vu6JK/6a4jSyMsKtSOaQkgy5Of/0E
IHEPU755SzYf7LVKFCel24+y2MYbjtZtJ/3ftEuPWyM3oQYCBF3LNRmiBAICATCk
BgQEAQAAAKUDAgEBrgYCBAGzBnI=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Supported Elliptic Groups: X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared Elliptic groups: X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_CHACHA20_POLY1305_SHA256
Reused session-id
Secure Renegotiation IS supported
ERROR
shutting down SSL
CONNECTION CLOSED
ERROR
C0:D5:15:08:01:00:00:00:error:SSL routines::binder does not verify:ssl/statem/extensions.c:1614:
shutting down SSL
CONNECTION CLOSED
ERROR
C0:D5:15:08:01:00:00:00:error:SSL routines::binder does not verify:ssl/statem/extensions.c:1614:
shutting down SSL
CONNECTION CLOSED
-----BEGIN SSL SESSION PARAMETERS-----
MHICAQECAgMEBAITAwQgGCCjChaAp/rv2yYw7BCn3x6AZy5JZocHzEhop5K0K3EE
IJuxldQBOntFF2vRsLoEue94LgP2eKU3O2jGWdJMBtzXoQYCBF3LNW+iBAICATCk
BgQEAQAAAKUDAgEBrgYCBDTrhfY=
-----END SSL SESSION PARAMETERS-----
Shared ciphers:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
Supported Elliptic Groups: X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
Shared Elliptic groups: X25519:P-256:X448:P-521:P-384:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
CIPHER is TLS_CHACHA20_POLY1305_SHA256
Reused session-id
Secure Renegotiation IS supported
213

-----
Phillip Neumiller
Platform Engineering
Directstream, LLC

--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
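Added example (not part of the post above and not OpenSSL's own code): the computation behind the server's "binder does not verify" error, which is what makes the handshake fail when the two sides hold different -psk values. Per RFC 8446 section 4.2.11.2, the client derives an early secret from the PSK, a binder key labelled "ext binder" for an external PSK, and then HMACs the hash of the ClientHello truncated just before the binders list; the server recomputes the same value from its own copy of the PSK and rejects the ClientHello if it differs. The block uses only the standard library. The PSK is the one from the post; the truncated ClientHello bytes are constructed here (the capture does not show them in full), the 15-byte identity is assumed to be OpenSSL's default "Client_identity" because the capture shows an identity of length 15, and SHA-256 is assumed because the capture's 33-byte binders field holds one 32-byte binder.

```python
"""PSK binder computation (RFC 8446 4.2.11.2) with the standard library only.

Illustrates what the server checks when it reports "binder does not verify":
the binder is an HMAC keyed from the PSK over the truncated ClientHello, so a
server holding a different PSK computes a different value and rejects it.
"""
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int,
                      hash_name: str = "sha256") -> bytes:
    """HKDF-Expand-Label (RFC 8446 7.1); TLS 1.3 prefixes every label with "tls13 "."""
    full_label = b"tls13 " + label
    hkdf_label = (struct.pack("!H", length)
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length, hash_name)


def derive_secret(secret: bytes, label: bytes, messages: bytes,
                  hash_name: str = "sha256") -> bytes:
    """Derive-Secret (RFC 8446 7.1): context is Transcript-Hash(messages)."""
    h = hashlib.new(hash_name, messages)
    return hkdf_expand_label(secret, label, h.digest(), h.digest_size, hash_name)


def psk_binder(psk: bytes, truncated_client_hello: bytes, external: bool = True,
               hash_name: str = "sha256") -> bytes:
    """Binder for one PSK: HMAC(finished_key, Hash(Truncate(ClientHello)))."""
    hash_len = hashlib.new(hash_name).digest_size
    early_secret = hkdf_extract(b"\x00" * hash_len, psk, hash_name)  # HKDF-Extract(0, PSK)
    label = b"ext binder" if external else b"res binder"             # external vs resumption PSK
    binder_key = derive_secret(early_secret, label, b"", hash_name)
    finished_key = hkdf_expand_label(binder_key, b"finished", b"", hash_len, hash_name)
    transcript_hash = hashlib.new(hash_name, truncated_client_hello).digest()
    return hmac.new(finished_key, transcript_hash, hash_name).digest()


def binder_verifies(psk: bytes, truncated_client_hello: bytes, received_binder: bytes,
                    external: bool = True, hash_name: str = "sha256") -> bool:
    """Server-side check; constant-time compare so a wrong binder leaks nothing."""
    expected = psk_binder(psk, truncated_client_hello, external, hash_name)
    return hmac.compare_digest(expected, received_binder)


# The PSK from the post, passed to both s_server and s_client with -psk.
PSK = bytes.fromhex("b2c9b9f57ef2fbbba8b624070b301d7f278f1b39c352d5fa849f85a3e7a3f77b")

# Constructed stand-in for the ClientHello truncated just before the binders
# list (the capture above does not show the raw bytes).  Only the pre_shared_key
# layout mirrors the capture: identities length 21 = 2 + 15-byte identity + 4-byte
# obfuscated_ticket_age; the identity is assumed to be OpenSSL's default
# "Client_identity".  Other fields are illustrative and not length-checked.
TRUNCATED_CLIENT_HELLO = (
    b"\x01\x00\x01\x16"                          # handshake type ClientHello, length 278
    + b"\x03\x03" + bytes(range(32))             # legacy_version, client random (constructed)
    + b"\x20" + bytes(range(32, 64))             # legacy_session_id (constructed)
    + b"\x00\x08\x13\x02\x13\x03\x13\x01\x00\xff"  # cipher suites
    + b"\x01\x00"                                # compression methods: null
    + b"\x00\x2b\x00\x03\x02\x03\x04"            # supported_versions: TLS 1.3
    + b"\x00\x2d\x00\x02\x01\x01"                # psk_key_exchange_modes: psk_dhe_ke
    + b"\x00\x29\x00\x3a\x00\x15\x00\x0f"        # pre_shared_key (len 58), identities len 21, identity len 15
    + b"Client_identity" + b"\x00\x00\x00\x00"   # identity, obfuscated_ticket_age = 0
)


def demo() -> dict:
    """Same PSK on both sides verifies; a server holding a different PSK rejects."""
    client_binder = psk_binder(PSK, TRUNCATED_CLIENT_HELLO)
    other_psk = bytes([0xAA]) * 32  # what a server started with a different -psk would use
    return {
        "binder_len": len(client_binder),
        "same_psk": binder_verifies(PSK, TRUNCATED_CLIENT_HELLO, client_binder),
        "other_psk": binder_verifies(other_psk, TRUNCATED_CLIENT_HELLO, client_binder),
    }


if __name__ == "__main__":
    print(demo())
```

The binder is 32 bytes for a SHA-256 PSK, which is why the capture shows "PSK Binders length: 33" (one length byte plus the binder). Because the HMAC key is derived from the PSK itself, changing the key on either side changes the binder and the server aborts the handshake before any application data is sent; that is the failure the post reports when the PSK is changed.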