Re: Why can't I force a specific cipher with the openssl app with TLS 1.3?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Matt, 

That works fine for 256 as you mentioned.  I trying to speak to a piece of
hardware that has one supported cipher, i.e. TLS_AES_256_GCM_SHA384.  I
tried the naive approach of 

PSK=63ef2024b1
openssl s_server -accept 4433 -tls1_3  -nocert -psk $PSK -sigalgs RSA+SHA384
-ciphersuites TLS_AES_256_GCM_SHA384

And the server starts up as it does with ECDSA+SHA384.  However, 

PSK=63ef2024b1
openssl s_client -tls1_3 -psk $PSK -connect :4433 -sigalgs RSA+SHA384
-ciphersuites TLS_AES_256_GCM_SHA384

Fails with invalid signature algorithm - which from your post I'm
interpreting as I need a session file.  The link you mentioned in your post
only describes the problem from the call back or API perspective and I was
really hoping to get this to work with something like:

openssl s_server -session_file fname ...

But when I follow that link it doesn't describe how to create the file.  I
seem to be misinterpreting something.

Thanks,

Phil




-----
Phillip Neumiller
Platform Engineering
Directstream, LLC
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux