1

I'm working on an application where Key Server (K) generates a symmetrical key and shares it with Server(A) and Client(B). A and B connects via UDP. I'm using Memory BIOs, and was trying to use Cipher "PSK-AES128-CBC-SHA".

I have few questions related to this:

  1. When we have a symmetrical key should we still call SSL_do_handshake ?
  2. When I set the Cipher with this call SSL_CTX_set_cipher_list(context, "PSK-AES128-CBC-SHA"); I get an error SSL routines:ssl_cipher_list_to_bytes:no ciphers available

I tried using TLSV1_2_server_method, TLSV1_2_server_method, DTLS_server_method, DTLS_client_method but every method failed with the above error.

Is there any example code available for TLS-PSK encryption ? I couldn't find any good tutorial or example online.

I was referring to this article while doing this, but instead i'm using Memory BIOs https://bitbucket.org/tiebingzhang/tls-psk-server-client-example/src/783092f802383421cfa1088b0e7b804b39d3cf7c/psk_server.c?at=default&fileviewer=file-view-default

Dilhan Geeth
  • 187
  • 2
  • 11

1 Answers1

4

I can't tell you why the cipher doesn't exist. I can only assume that it doesn't exist in the version of openssl that you have or it has to be added to openssl to begin with.

Did you know that PSK support is build into tls1.3? If you use openssl 1.1.1 you can do PSK from the openssl command line.

Server:

# use a 48 byte PSK
$ PSK=63ef2024b1de6417f856fab7005d38f6df70b6c5e97c220060e2ea122c4fdd054555827ab229457c366b2dd4817ff38b 
$ openssl s_server -psk $PSK -cipher TLS13-AES-256-GCM-SHA384 -nocert -accept 2020

Client:

$ openssl s_client -psk $PSK -connect localhost:2020 
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 195 bytes and written 475 bytes
Verification: OK
---
Reused, TLSv1.3, Cipher is TLS13-AES-256-GCM-SHA384
…

So I would recommend that you look up the source code for openssl 1.1.1 s_server and s_client commands to see a example of how to use PSK in tls1.3.

@xkcd

For openssl 3.0 and above the above commands don't work because of this issue.

Using openssl 3.1 I could not get it working with AES-256-GCM-SHA384, I think it's something to do with SHA384. Also in 3.0 and above you have to use the -ciphersuites option for v1.3 tls ciphers as -ciphers option is for up to 1.2 tls only now.

What I did to get this working is:

Server:

# use a 48 byte PSK
$ PSK=63ef2024b1de6417f856fab7005d38f6df70b6c5e97c220060e2ea122c4fdd054555827ab229457c366b2dd4817ff38b 
$ openssl s_server -psk $PSK -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -nocert -accept 2020

Client:

$ openssl s_client -psk $PSK -connect localhost:2020 -ciphersuites TLS_CHACHA20_POLY1305_SHA256
Shane Powell
  • 13,698
  • 2
  • 49
  • 61
  • Note: The above example doesn't work with openssl 3.0.2. I get the following output with this version: – xkcd May 19 '23 at 11:38
  • CONNECTED(00000003) 4027B93F347F0000:error:0A000410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1584:SSL alert number 40 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 283 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok)` – xkcd May 19 '23 at 11:38