psk based TLS with openssl #231
Comments
|
PSK means "pre-shared key" which means that it's on you to ensure that both ends have the same pre-shared key. It sounds like you are using "afakekey" on one side and 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A on the other, which is naturally not going to work. Of course, neither "afakekey" nor 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A are acceptable keys outside a test environment, as this key must be secret. Embedding a key into your client binary would also not be acceptable in most circumstances as anyone who can download the binary can just extract it. PSK is very rarely what you actually want. |
|
Hi david, |
|
OpenSSL appears to decode your argument as hex whereas String.getBytes won't. Try new byte[]{ 0x1a, 0x1a, 0x1a, (etc)}. |
|
Thanks much, this solved my issue. |
Hi,
I'm trying to use a conscrypt based client to establish a TLS tunnel using psk.
I was able to access pskKeyManager via reflection (as you guys did in your unit test).
The TLS tunnel fails, here is the error message I have at openssl level :
I'm suspecting this area of the code ,
I don't know what to use as algorithm in the second argument.
here is my openssl test server configuration
openssl s_server \ -psk 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A \ -psk_hint Client_identity\ -cipher PSK-AES256-CBC-SHA \ -debug -state -nocert -accept 10443 -tls1 -wwwAny hint ??
Thanks in advance
The text was updated successfully, but these errors were encountered: