On Mon, 2006-04-03 at 18:54 -0500, ext Jay Potter wrote:
> Hi,
>
> I want to use the PreSharedKeys in TLS using AES-256 as specified in
> RFC 4279. I would like to utilize this within a browser such as
> FireFox. Anyone have any experience in this area to give me some
> guidance what needs to be set up? Both my client and my server already
> know what AES key to utilize so no certificates are necessary.

You can find some usage examples of how PSK functions are used in the
files s_client.c and s_server.c located under the apps directory
(assuming you have the PSK-patched OpenSSL or the latest sources from
the CVS). Also see test/ssltest.c and test/testssl. Search for the text
"psk" so you can see the places where you should add or modify your own
application.

Typically you implement callback functions for PSK which will be called
during the TLS connection establishment phase (see
SSL_CTX_set_psk_server_callback/SSL_CTX_set_psk_client_callback in
s_server.c/s_client.c and manual pages doc/ssl/*psk*). These callback
functions return a value which tells TLS if the connection can proceed
or not. Other PSK functions are used to set the PSK identity and
identity hint used for the connection.

Use option -debug when testing the s_client and s_server to see more
details.

I have written the PSK-related code in these files for testing
purposes, but I have not done any other major applications using PSK,
so my experience is rather limited for giving help on how to integrate
this, e.g. into a browser.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List
