In RFC 4279, the PSK identity is defined as "opaque psk_identity<0..2^16-1>". RFC 4279 link
However, ssl_srv.c indicates that if the PSK identity length is < 1, an error of MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE is returned.
In ssl_srv.c, ssl_parse_client_psk_identity():

```c
if( n < 1 || n > 65535 || *p + n > end )
{
    MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client key exchange message" ) );
    return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE );
}
```
There are a few other places in the code that check for the existence of an identity hint based on ssl->conf->psk_identity_len == 0, which may be suspect as well.
For security purposes, some implementations utilizing TLS with a PSK-based ciphersuite may not want to pass anything as a client identity. However, that is currently not possible with the server-side implementation.
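The length handling the report asks for, as an added example that is not mbed TLS code and not part of the original issue: a parser for `opaque psk_identity<0..2^16-1>` that accepts a zero-length identity, plus a config struct that tracks whether an identity is set separately from its length. The names `psk_conf`, `parse_psk_identity`, `check_client_identity` and the return codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical server config: presence is tracked separately from length,
 * so a configured zero-length identity is not mistaken for "unset". */
typedef struct {
    int identity_set;
    const uint8_t *identity;
    size_t identity_len;
} psk_conf;

/* Parse opaque psk_identity<0..2^16-1>. Requires *p <= end. Returns 0 on
 * success (id_len may be 0), -1 if the prefix or identity runs past `end`. */
int parse_psk_identity(const uint8_t **p, const uint8_t *end,
                       const uint8_t **id, size_t *id_len)
{
    if ((size_t)(end - *p) < 2)
        return -1;
    size_t n = ((size_t)(*p)[0] << 8) | (*p)[1];
    *p += 2;
    /* Compare with the bytes remaining instead of forming *p + n. */
    if (n > (size_t)(end - *p))
        return -1;
    *id = *p;
    *id_len = n;
    *p += n;
    return 0;
}

/* 1 = identity matches, 0 = unknown identity, -1 = malformed message. */
int check_client_identity(const psk_conf *conf, const uint8_t *msg, size_t len)
{
    const uint8_t *p = msg, *id;
    size_t id_len;
    if (parse_psk_identity(&p, msg + len, &id, &id_len) != 0)
        return -1;
    if (!conf->identity_set || id_len != conf->identity_len)
        return 0;
    return id_len == 0 || memcmp(id, conf->identity, id_len) == 0;
}

/* Constructed sample ClientKeyExchange bodies and configs. */
const uint8_t MSG_EMPTY[] = { 0x00, 0x00 };
const uint8_t MSG_ABC[]   = { 0x00, 0x03, 'a', 'b', 'c' };
const uint8_t MSG_TRUNC[] = { 0x00, 0x05, 'a', 'b' };
const psk_conf CONF_EMPTY = { 1, NULL, 0 };
const psk_conf CONF_UNSET = { 0, NULL, 0 };
```

An empty identity is accepted only when the server was explicitly configured with one; a truncated length prefix or body is still rejected as a malformed message.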