s_client + PSK + pha

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

s_client + PSK + pha

Dmitry Belyavsky-3
Hello

I see strange behavior of openssl s_client in case of post-handshake authorization with PSK

command lines:
apps/openssl s_client -connect localhost:4433 -tls1_3 -4 -ciphersuites TLS_AES_128_GCM_SHA256 -psk $PSK -enable_pha -cert cert.pem -key key.pem -trace

apps/openssl s_server -accept 4433 -tls1_3 -4 -ciphersuites TLS_AES_128_GCM_SHA256 -psk $PSK -nocert -no_dhe -allow_no_dhe_kex -num_tickets 0 -Verify 3 -CAfile cert.pem -trace

I use self-signed certificates with 1.1.1b branch. when I interactively request the post-handshake authentification, the client sends empty certificate list. 

When I use the following command lines, everything is OK:
apps/openssl s_client -connect localhost:4433 -tls1_2 -4 -ciphersuites TLS_AES_128_GCM_SHA256 -cert cert.pem -key key.pem -trace -CAfile cert.pem

apps/openssl s_server -accept 4433 -tls1_2 -4 -ciphersuites TLS_AES_128_GCM_SHA256 
-Verify 3 -CAfile cert.pem -key key.pem -cert cert.pem -trace


--
SY, Dmitry Belyavsky

cert.pem (1K) Download Attachment
key.pem (2K) Download Attachment