1

Basically my implementation already works. I have made my own "custom" PSKTlsServer class and handshake works well.

However, I did notice that my ServerHello message does not contain a session ID and the session ID length is also 00.

Looking at the source code, a comment block says: "The server may return an empty session_id to indicate that the session will not be cached and therefore cannot be resumed"

Note: I am using the BouncyCastle API.

Expected Results:

16 03 03 00 55 02 00 00 4D 03 03 5C 49 DE 78 70 07 89 
8D 0A 97 31 D3 41 50 2B 90 8F 9E 3F 0A 15 46 56 
9D 73 7E 12 6F 5C B1 C8 15 20 EE 4B A6 F2 01 C3 
C1 44 23 78 6E B6 9B 6E DA 0E 50 39 CF CD 5C 08 
FA E9 ED 7C AF D0 01 8B FD E3 00 8C 00 00 05 00 
01 00 01 01 0E 00 00 00 37 01 00

Actual Results:

16 03 03 00 31 02 00 00 2D 03 03 07 C3 AE 45 DD F4 26
6C 47 B4 B6 A5 E1 AB DC BD B5 18 B8 BD 76 84 98
9E 7D 18 D7 10 FB 45 4D 3C 00 00 8C 00 00 05 00
01 00 01 01 37 01 00

Actual results are noticeably shorter since session ID is missing.

Suraj Kumar
  • 5,547
  • 8
  • 20
  • 42
Josh
  • 11
  • 2
  • They don't implement session caching, so they have no way to do session resumption, so that is the correct behavior. You will have to implement it yourself if you want it. You might also consider session tickets as an alternative, but again you'll have to implement those yourself. – President James K. Polk Jan 25 '19 at 23:22
  • @JamesKPolk hey thanks a lot. Checked the source code as well and seems like they don't, just wanted to confirm with some of the more experienced developers on here. Could it be possible for you to post this as answer? I'll gladly accept it. :) – Josh Jan 28 '19 at 01:37
  • Does any one has idea on any library that could be used to integrate the feature of session in TLS-PSK bouncy castle easily ? Instead of writing code inside the bouncy castle library, if there is option of using an existing framework ? – kapil May 16 '19 at 08:12

0 Answers0