[openssl-commits] [openssl] master update

[yang . yang]

The branch master has been updated
       via  354e010757b95d27fb36d364412ee7a5e7111963 (commit)
      from  d6c46adf180aa3e29d5dac075fb673bbc273ae08 (commit)


- Log -----------------------------------------------------------------
commit 354e010757b95d27fb36d364412ee7a5e7111963
Author: Matt Caswell <m...@openssl.org>
Date:   Thu Aug 23 14:37:01 2018 +0100

    Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
    
    Fixes #6490
    
    Reviewed-by: Tim Hudson <t...@openssl.org>
    Reviewed-by: Paul Yang <yang.y...@baishancloud.com>
    (Merged from https://github.com/openssl/openssl/pull/7044)

-----------------------------------------------------------------------

Summary of changes:
 doc/man3/SSL_CTX_set_psk_client_callback.pod |  8 ++++++++
 doc/man3/SSL_CTX_use_psk_identity_hint.pod   | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod 
b/doc/man3/SSL_CTX_set_psk_client_callback.pod
index 6d1a9b5..eb4e4f5 100644
--- a/doc/man3/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod
@@ -132,6 +132,14 @@ Note that parameter B<hint> given to the callback may be 
B<NULL>.
 A connection established via a TLSv1.3 PSK will appear as if session resumption
 has occurred so that L<SSL_session_reused(3)> will return true.
 
+There are no known security issues with sharing the same PSK between TLSv1.2 
(or
+below) and TLSv1.3. However the RFC has this note of caution:
+
+"While there is no known way in which the same PSK might produce related output
+in both versions, only limited analysis has been done.  Implementations can
+ensure safety from cross-protocol related output by not reusing PSKs between
+TLS 1.3 and TLS 1.2."
+
 =head1 RETURN VALUES
 
 Return values from the B<SSL_psk_client_cb_func> callback are interpreted as
diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod 
b/doc/man3/SSL_CTX_use_psk_identity_hint.pod
index 2b2bc3e..c8f7526 100644
--- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod
+++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod
@@ -123,6 +123,16 @@ completely.
 The B<SSL_psk_find_session_cb_func> callback should return 1 on success or 0 on
 failure. In the event of failure the connection setup fails.
 
+=head1 NOTES
+
+There are no known security issues with sharing the same PSK between TLSv1.2 
(or
+below) and TLSv1.3. However the RFC has this note of caution:
+
+"While there is no known way in which the same PSK might produce related output
+in both versions, only limited analysis has been done.  Implementations can
+ensure safety from cross-protocol related output by not reusing PSKs between
+TLS 1.3 and TLS 1.2."
+
 =head1 SEE ALSO
 
 L<SSL_CTX_set_psk_use_session_callback(3)>,
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits