I'm working on an application where Key Server (K) generates a symmetrical key and shares it with Server(A) and Client(B). A and B connects via UDP. I'm using Memory BIOs, and was trying to use Cipher "PSK-AES128-CBC-SHA".
I have few questions related to this:
- When we have a symmetrical key should we still call SSL_do_handshake ?
- When I set the Cipher with this call
SSL_CTX_set_cipher_list(context, "PSK-AES128-CBC-SHA");I get an errorSSL routines:ssl_cipher_list_to_bytes:no ciphers available
I tried using TLSV1_2_server_method, TLSV1_2_server_method, DTLS_server_method, DTLS_client_method but every method failed with the above error.
Is there any example code available for TLS-PSK encryption ? I couldn't find any good tutorial or example online.
I was referring to this article while doing this, but instead i'm using Memory BIOs https://bitbucket.org/tiebingzhang/tls-psk-server-client-example/src/783092f802383421cfa1088b0e7b804b39d3cf7c/psk_server.c?at=default&fileviewer=file-view-default
I can't tell you why the cipher doesn't exist. I can only assume that it doesn't exist in the version of openssl that you have or it has to be added to openssl to begin with.
Did you know that PSK support is build into tls1.3? If you use openssl 1.1.1 you can do PSK from the openssl command line.
Server:
Client:
So I would recommend that you look up the source code for openssl 1.1.1 s_server and s_client commands to see a example of how to use PSK in tls1.3.
@xkcd
For openssl 3.0 and above the above commands don't work because of this issue.
Using openssl 3.1 I could not get it working with AES-256-GCM-SHA384, I think it's something to do with SHA384. Also in 3.0 and above you have to use the -ciphersuites option for v1.3 tls ciphers as -ciphers option is for up to 1.2 tls only now.
What I did to get this working is:
Server:
Client: