[gnutls-devel] GnuTLS | OpenSSL IPv6 PSK Incompatibility (#683)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 24 00:14:53 CET 2019

New Issue was created.

Issue 683: https://gitlab.com/gnutls/gnutls/issues/683
Author:    Nathaniel McCallum

I am unable to get GnuTLS and OpenSSL to play nicely together on IPv6. Here are the two commands:

$ cat tests/psk.txt 

$ gnutls-serv -p 5000 --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=psk.txt
Warning: no private key and certificate pairs were set.
Echo Server listening on IPv4 port 5000...done
Echo Server listening on IPv6 :: port 5000...done

* Accepted connection from IPv6 ::1 port 57192 on Wed Jan 23 17:59:01 2019
Error in handshake: An illegal parameter has been received.

$ openssl s_client -connect [::1]:5000 -psk_identity foo -psk 7df28f5439b5a051cc138b6e12128264
139765944088384:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:ssl/record/rec_layer_s3.c:1528:SSL alert number 47
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 405 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
