I am aware that Openssl has support for external PSK. The Selfie attack 
was demonstrated using this Openssl implementation: 

However, the github issue you posted is still helpful. If I understand 
the resolution of this issue: Openssl will first check for a valid 
external PSK before checking for resumption PSKs.

I think we can include EAP-TLS-PSK without major changes to the current 
document. I only want to ensure that EAP-TLS-PSK does not leave any 
implementation ambiguities.


On 10/10/19 7:18 PM, John Mattsson wrote:
> Mohit Sethi M mailto:mohit.m.se...@ericsson.com wrote:
>> Can you give an example of an existing TLS 1.3 deployment that offers both 
>> resumption PSKs and external PSKs?
> Don’t know if it is deployed anywhere, but OpenSSL supports resumption of PSK 
> sessions. There was a bug that stopped it from working that was patched 12 
> months ago.
> https://github.com/openssl/openssl/issues/7433
> _______________________________________________
> Emu mailing list
> Emu@ietf.org
> https://www.ietf.org/mailman/listinfo/emu
Emu mailing list

Reply via email to