Hi Matt, That works fine for 256 as you mentioned. I trying to speak to a piece of hardware that has one supported cipher, i.e. TLS_AES_256_GCM_SHA384. I tried the naive approach of PSK=63ef2024b1 openssl s_server -accept 4433 -tls1_3 -nocert -psk $PSK -sigalgs RSA+SHA384 -ciphersuites TLS_AES_256_GCM_SHA384 And the server starts up as it does with ECDSA+SHA384. However, PSK=63ef2024b1 openssl s_client -tls1_3 -psk $PSK -connect :4433 -sigalgs RSA+SHA384 -ciphersuites TLS_AES_256_GCM_SHA384 Fails with invalid signature algorithm - which from your post I'm interpreting as I need a session file. The link you mentioned in your post only describes the problem from the call back or API perspective and I was really hoping to get this to work with something like: openssl s_server -session_file fname ... But when I follow that link it doesn't describe how to create the file. I seem to be misinterpreting something. Thanks, Phil ----- Phillip Neumiller Platform Engineering Directstream, LLC -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
