-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
psk based TLS with openssl #231
Comments
PSK means "pre-shared key" which means that it's on you to ensure that both ends have the same pre-shared key. It sounds like you are using "afakekey" on one side and 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A on the other, which is naturally not going to work. Of course, neither "afakekey" nor 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A are acceptable keys outside a test environment, as this key must be secret. Embedding a key into your client binary would also not be acceptable in most circumstances as anyone who can download the binary can just extract it. PSK is very rarely what you actually want. |
Hi david, |
OpenSSL appears to decode your argument as hex whereas String.getBytes won't. Try new byte[]{ 0x1a, 0x1a, 0x1a, (etc)}. |
Thanks much, this solved my issue. |
Hi,
I'm trying to use a conscrypt based client to establish a TLS tunnel using psk.
I was able to access pskKeyManager via reflection (as you guys did in your unit test).
The TLS tunnel fails, here is the error message I have at openssl level :
I'm suspecting this area of the code ,
I don't know what to use as algorithm in the second argument.
here is my openssl test server configuration
openssl s_server \ -psk 1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A \ -psk_hint Client_identity\ -cipher PSK-AES256-CBC-SHA \ -debug -state -nocert -accept 10443 -tls1 -www
Any hint ??
Thanks in advance
The text was updated successfully, but these errors were encountered: