> On Nov 15, 2019, at 4:25 AM, Matt Caswell <matt@xxxxxxxxxxx> wrote: > > It might be nice if we added a new option "-pskmd" or similar which > enabled you to specify the md from the command line without having to > have a session file first. However that isn't currently possible. With a saved session there may actually be enough key material to arrive at non-trivial security. As it stands, the OP wrote: > PSK=63ef2024b1 > openssl s_client -tls1_3 -psk $PSK -connect :4433 -ciphersuites TLS_AES_256_GCM_SHA384 That 40-bit PSK does not provide much security. I would hope that "in real life" (simple tests aside) the PSKs will have non-trivial entropy. -- Viktor.
