lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-28 00:21:48 +03:00
Code Activity

Enable support for psa opaque ECDHE-PSK key exchange on the server side

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
2022-04-14 08:33:29 +02:00
parent 19b80f8151
commit 14d11b0877
2 changed files with 31 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
programs/ssl/ssl_server2.c
View File

@ -2211,11 +2211,12 @@ int main( int argc, char *argv[] )
* the ciphersuite in advance to set the correct policy for the
* PSK key slot. This limitation might go away in the future. */
if( ( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ||
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK &&
ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ) ||
opt.min_version != MBEDTLS_SSL_MINOR_VERSION_3 )
{
mbedtls_printf( "opaque PSKs are only supported in conjunction \
with forcing TLS 1.2 and a PSK-only, RSA-PSK \
with forcing TLS 1.2 and a PSK-only, RSA-PSK, ECDHE-PSK \
ciphersuites through the 'force_ciphersuite' option.\n" );
ret = 2;
goto usage;