[gnutls-devel] GnuTLS | OpenSSL IPv6 PSK Incompatibility (#683)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 24 00:14:53 CET 2019


New Issue was created.

Issue 683: https://gitlab.com/gnutls/gnutls/issues/683
Author:    Nathaniel McCallum
Assignee:  

I am unable to get GnuTLS and OpenSSL to play nicely together on IPv6. Here are the two commands:

```
$ cat tests/psk.txt 
foo:7df28f5439b5a051cc138b6e12128264

$ gnutls-serv -p 5000 --echo --priority NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=psk.txt
Warning: no private key and certificate pairs were set.
Echo Server listening on IPv4 0.0.0.0 port 5000...done
Echo Server listening on IPv6 :: port 5000...done

* Accepted connection from IPv6 ::1 port 57192 on Wed Jan 23 17:59:01 2019
Error in handshake: An illegal parameter has been received.
```

```
$ openssl s_client -connect [::1]:5000 -psk_identity foo -psk 7df28f5439b5a051cc138b6e12128264
CONNECTED(00000003)
139765944088384:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:ssl/record/rec_layer_s3.c:1528:SSL alert number 47
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 405 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
