[gnutls-help] gnutls-serv, PSK and documentation
mpg at polarssl.org
Fri Feb 28 16:38:31 CET 2014
The man page for gnutls-serv (3.2.11) says:

    Let's also start a server with support for PSK. This would require a
    password file created with psktool.

        gnutls-serv --http --pskpasswd psk-passwd.txt

When I tried exactly that, I was unable to connect with a client offering only
PSK ciphersuites. To make it work, I had to explicitly enable the PSK key
exchange(s) using the --priority option.

It's no big deal, but I feel like the Examples section in the man page should
mention this, so that running exactly the command as printed works as expected.

I didn't test with anything other than PSK, but this may hold for other key
exchanges that aren't in NORMAL too, like SRP.

Also, though it's probably obvious, the description of the --priority option
could mention that the default value is NORMAL when the option is not used.

Another detail while at it: table 6.3 of
http://www.gnutls.org/manual/html_node/Priority-Strings.html doesn't mention
SHA384 as an option for MAC, though it seems to be supported.
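
Added example, not part of the original message or of GnuTLS: a pre-flight check for a gnutls-serv argument list that flags --pskpasswd combined with a priority string that enables no PSK key exchange. The function names psk_enabled and check_serv_args are hypothetical, and the model assumes, as the post reports, that the default priority is NORMAL and that NORMAL enables no PSK key exchange.

```sh
#!/bin/sh
# Added example: pre-flight check for a gnutls-serv argument list.
# Simplified model, not GnuTLS's own priority parser. Assumptions: no leading
# keyword (NORMAL etc.) enables PSK, and only +X / -X / !X tokens naming a
# PSK key exchange (PSK, DHE-PSK, ECDHE-PSK, ...) are tracked.

# psk_enabled PRIORITY: succeeds if a PSK key exchange is left enabled.
psk_enabled() {
    on=""
    old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f        # split the priority string on ':'
    IFS=$old_ifs
    for tok in "$@"; do
        name=${tok#?}                # token without its +, - or ! prefix
        case $name in PSK|*-PSK) ;; *) continue ;; esac
        case $tok in
            +*)    on="$on $name" ;;
            -*|!*) new=""            # later removals override earlier adds
                   for k in $on; do [ "$k" = "$name" ] || new="$new $k"; done
                   on=$new ;;
        esac
    done
    [ -n "$on" ]
}

# check_serv_args ARGS...: prints a verdict; status 1 when PSK cannot work.
check_serv_args() {
    prio=NORMAL psk_file="" prev=""  # default priority per the post: NORMAL
    for a in "$@"; do
        case $prev in
            --priority)  prio=$a ;;
            --pskpasswd) psk_file=$a ;;
        esac
        case $a in
            --priority=*)  prio=${a#*=} ;;
            --pskpasswd=*) psk_file=${a#*=} ;;
        esac
        prev=$a
    done
    if [ -n "$psk_file" ] && ! psk_enabled "$prio"; then
        echo "warn: --pskpasswd given, but '$prio' enables no PSK key exchange"
        return 1
    fi
    echo "ok: priority '$prio'"
}

# The man page command as printed, then with PSK explicitly enabled.
check_serv_args --http --pskpasswd psk-passwd.txt || :
check_serv_args --http --pskpasswd psk-passwd.txt --priority NORMAL:+PSK
```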