Hi Ivan,

It may help to up the debug output level for s_server to see what it
thinks is wrong.

My guess is the cipher suite. The defaults offered by PskTlsClient are only:
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
So try one of those first to maybe get things working.

If you're set on the ChaCha20 cipher suite, you could subclass
PskTlsClient and override GetCipherSuites to choose which to offer, and
include:
    CipherSuite.DRAFT_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256

The naming implies we implemented it when RFC 7905 was still
draft-ietf-tls-chacha20-poly1305-04. I think though that it is
compatible with the final specification.

Regards,
Pete Dettman
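
As an added illustration of the subclassing approach above (example code written for this note, not from the original thread or from the Bouncy Castle sources): a PskTlsClient subclass that overrides GetCipherSuites to offer the draft ChaCha20-Poly1305 PSK suite first, followed by the two default suites, so the handshake can still complete against a server that only has the AES-CBC suites enabled. The class name ChaChaPskTlsClient is my own; the CipherSuite constants and the PskTlsClient/DefaultTlsCipherFactory types are the library's (Org.BouncyCastle.Crypto.Tls in the 1.8.x line).

```csharp
using Org.BouncyCastle.Crypto.Tls;

// Added example (not from the thread): offer the draft ECDHE-PSK ChaCha20 suite
// in addition to the PskTlsClient defaults. Order expresses client preference;
// the server still chooses from the intersection with its own configured list.
class ChaChaPskTlsClient : PskTlsClient
{
    public ChaChaPskTlsClient(TlsPskIdentity pskIdentity)
        : base(new DefaultTlsCipherFactory(), pskIdentity)
    {
    }

    public override int[] GetCipherSuites()
    {
        return new int[]
        {
            // Implemented against draft-ietf-tls-chacha20-poly1305-04; the
            // code point is the one that became RFC 7905.
            CipherSuite.DRAFT_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
            // Fallbacks: the two suites PskTlsClient offers by default.
            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
            CipherSuite.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
        };
    }
}
```

To use it, construct `new ChaChaPskTlsClient(pskIdentity)` in place of `new PskTlsClient(...)` and pass it to the same TlsClientProtocol.Connect call; the rest of the client code is unchanged. Keeping the AES-CBC suites in the list is what lets you tell a cipher-suite mismatch apart from a transport problem: if the handshake succeeds with them but not with ChaCha20 alone, the server's cipher configuration is the issue.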

On 20/11/20 6:53 pm, Ivan Zanolla wrote:
> Hi,
> 
> At the moment the server side is not implemented yet, there is a stub on
> my Ubuntu Linux machine only for tests purpose as the following:
> 
>     openssl s_server -accept 9999 -cipher ECDHE-PSK-CHACHA20-POLY1305 \
>         -nocert -psk 6161616161 -psk_identity admin
> 
> There are some problems on the client side (using Bouncy Castle
> 1.8.6.1), I'm stuck in a rut because everything seems implemented as the
> following (copied from your tests in the source code)
> 
>     using System;
>     using System.IO;
>     using System.Net.Sockets;
>     using System.Text;
>     using Org.BouncyCastle.Crypto.Tls;
>     using Org.BouncyCastle.Security;
> 
>     class Program {
>         private static readonly SecureRandom _secureRandom = new SecureRandom();
> 
>         internal static TlsClientProtocol OpenTlsConnection(string hostname, int port,
>             Org.BouncyCastle.Crypto.Tls.TlsClient client) {
>             var tcp = new TcpClient(hostname, port);
>             var protocol = new TlsClientProtocol(tcp.GetStream(), _secureRandom);
>             protocol.Connect(client);
>             return protocol;
>         }
> 
>         static void Main(string[] args) {
>             var hostname = "192.168.132.160";
>             var port = 9999;
>             var psk_identity = "admin";
>             // hardcoded psk ("aaaaa", matching -psk 6161616161 on the server)
>             var psk = new byte[] { 0x61, 0x61, 0x61, 0x61, 0x61 };
>             var pskIdentity = new BasicTlsPskIdentity(psk_identity, psk);
>             // a cipher factory is required; passing null would fail once the
>             // record layer is set up
>             var client = new PskTlsClient(new DefaultTlsCipherFactory(), pskIdentity);
>             var protocol = OpenTlsConnection(hostname, port, client);
>             // Trying to send something
>             var req = Encoding.UTF8.GetBytes("GET / HTTP/1.1\r\n\r\n");
>             var tlsStream = protocol.Stream;
>             tlsStream.Write(req, 0, req.Length);
>             tlsStream.Flush();
>             var reader = new StreamReader(tlsStream);
>             string line;
>             while ((line = reader.ReadLine()) != null) {
>                 Console.WriteLine(">>> " + line);
>             }
>             protocol.Close();
>         }
>     }
> 
> I get this exception every time:
> 
>     System.IO.IOException: 'Unable to read data from the transport
>     connection: A connection attempt failed because the connected party
>     did not properly respond after a period of time, or established
>     connection failed because connected host has failed to respond.'
> 
> In addition, this command on my Linux machine works:
> 
>     openssl s_client -connect 192.168.132.160:9999 -psk 6161616161 \
>         -psk_identity admin -tls1_2
> 
> Did I miss something on my client side? Can anyone help me? I'm going mad.
> 
> Thanks
> 
> -- 
> Ivan Zanolla
> http://about.me/ivanzanolla