[gnutls-help] gnutls-serv, PSK and documentation

Manuel Pégourié-Gonnard mpg at polarssl.org
Fri Feb 28 16:38:31 CET 2014


The man page for gnutls-serv (3.2.11) says:

       Let's also start a server with support for PSK. This would require a
       password file created with psktool.

           gnutls-serv --http             --pskpasswd psk-passwd.txt

When I tried exactly that, I was unable to connect with a client offering only
PSK ciphersuites. To make it work, I had to explicitly enable the PSK key
exchange(s) using the --priority option.

It's no big deal, but I feel like the Examples section in the man page should
mention this, so that running exactly the command as printed works as expected.
I didn't test with anything else than PSK, but this may hold for other key
exchanges that aren't in NORMAL too, like SRP.

Also, though it's probably obvious, the description of the --priority option
could mention that the default value is NORMAL when the option is not used.
Another detail while at it: table 6.3 of
http://www.gnutls.org/manual/html_node/Priority-Strings.html doesn't mention
SHA384 as an option for MAC, though it seems to be supported.


More information about the Gnutls-help mailing list