OpenSSL TLS/DTLS PSK



I'm working on an application where Key Server (K) generates a symmetrical key and shares it with Server (A) and Client (B). A and B connect via UDP.
I'm using memory BIOs, and was trying to use the cipher "PSK-AES128-CBC-SHA".

I have a few questions related to this:

  1. When we have a symmetrical key, should we still call SSL_do_handshake?

  2. When I set the cipher with the call SSL_CTX_set_cipher_list(context, "PSK-AES128-CBC-SHA"); I get the error SSL routines:ssl_cipher_list_to_bytes:no ciphers available

I tried using TLSv1_2_server_method, TLSv1_2_server_method, DTLS_server_method, DTLS_client_method but every method failed with the above error.

Is there any example code available for TLS-PSK encryption? I couldn't find any good tutorial or example online.

I was referring to this article while doing this, but instead I'm using memory BIOs:
https://bitbucket.org/tiebingzhang/tls-psk-server-client-example/src/783092f802383421cfa1088b0e7b804b39d3cf7c/psk_server.c?at=default&fileviewer=file-view-default

ssl openssl tls1.2 tls-psk






asked Mar 8 at 9:24
Dilhan Geeth

1 Answer






I can't tell you why the cipher doesn't exist. I can only assume that it doesn't exist in the version of OpenSSL that you have or it has to be added to OpenSSL to begin with.

Did you know that PSK support is built into TLS 1.3? If you use OpenSSL 1.1.1 you can do PSK from the openssl command line.

Server:

    # use a 48 byte PSK
    $ PSK=63ef2024b1de6417f856fab7005d38f6df70b6c5e97c220060e2ea122c4fdd054555827ab229457c366b2dd4817ff38b
    $ openssl s_server -psk $PSK -cipher TLS13-AES-256-GCM-SHA384 -nocert -accept 2020

Client:

    $ openssl s_client -psk $PSK -connect localhost:2020
    CONNECTED(00000003)
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    Server Temp Key: X25519, 253 bits
    ---
    SSL handshake has read 195 bytes and written 475 bytes
    Verification: OK
    ---
    Reused, TLSv1.3, Cipher is TLS13-AES-256-GCM-SHA384

So I would recommend that you look up the source code for the OpenSSL 1.1.1 s_server and s_client commands to see an example of how to use PSK in TLS 1.3.







answered Mar 13 at 20:56
Shane Powell

• Thanks, I'm looking into this possibility. Although this doesn't completely answer my query, I'll still accept it because it definitely gave me some insights.
  – Dilhan Geeth, Mar 22 at 5:39
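
The answer leaves open why the suite is reported as unavailable; the script below, an added example that is not part of the original post or of OpenSSL's own code, tells the possible cases apart with `openssl ciphers` and then runs a handshake with PSK-AES128-CBC-SHA over loopback. It relies on OpenSSL leaving PSK suites disabled until a PSK is configured (in the C API, by registering a callback through SSL_CTX_set_psk_client_callback or SSL_CTX_set_psk_server_callback). Assumptions: the OpenSSL 1.1.0 or later command-line tool, a free port 20443, a freshly generated key, and the hypothetical function names suite_state and psk_handshake.

```sh
#!/bin/sh
# Added example: check a PSK cipher suite with the openssl CLI (OpenSSL 1.1.0+).
SUITE=PSK-AES128-CBC-SHA      # suite named in the question
PORT=20443                    # assumed free loopback port
PSK=$(openssl rand -hex 16)   # constructed throwaway key; demo only, because a
                              # key passed on the command line is visible in ps

# True if the colon-separated cipher list on stdin contains exactly "$1".
has_suite() { tr ':' '\n' | grep -qxF -- "$1"; }

# Classify a suite name:
#   missing   - not compiled into this build
#   always    - usable without any PSK configured
#   needs-psk - compiled in, but only enabled once a PSK is configured
#   disabled  - compiled in, but excluded by security level or protocol limits
suite_state() {
    if ! openssl ciphers "$1" 2>/dev/null | has_suite "$1"; then
        echo missing
    elif openssl ciphers -s "$1" 2>/dev/null | has_suite "$1"; then
        echo always
    elif openssl ciphers -s -psk "$1" 2>/dev/null | has_suite "$1"; then
        echo needs-psk
    else
        echo disabled
    fi
}

# Run one PSK handshake over loopback and print the negotiated suite (empty on
# failure). $1 is the protocol flag, for example -tls1_2 or -dtls1_2.
psk_handshake() {
    # s_server reads stdin; the sleep keeps it open so EOF does not end the session.
    sleep 10 2>/dev/null | openssl s_server "$1" -nocert -psk "$PSK" \
        -cipher "$SUITE" -accept "127.0.0.1:$PORT" -naccept 1 -quiet \
        >/dev/null 2>&1 &
    srv=$!
    out=
    for try in 1 2 3 4 5; do                  # wait for the listener to bind
        sleep 1
        if out=$(echo | openssl s_client "$1" -psk "$PSK" -cipher "$SUITE" \
            -connect "127.0.0.1:$PORT" 2>&1); then break; fi
    done
    kill "$srv" 2>/dev/null || true           # no-op if -naccept already ended it
    printf '%s\n' "$out" | sed -n 's/.*Cipher is \([A-Z0-9-]*\).*/\1/p' | head -n 1
}

echo "$SUITE: $(suite_state "$SUITE")"
# Pass a protocol flag to run the handshake as well: sh psk_check.sh -dtls1_2
[ "$#" -eq 0 ] || echo "negotiated: $(psk_handshake "$1")"
```

A result of needs-psk means the build has the suite and the application has to supply the key before the suite can be negotiated.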
















