I would like to experiment with the PSK cipher suites defined in RFC 5487 (http://tools.ietf.org/html/rfc5487) and I am struggling to add support for these in OpenSSL. I am only interested in the variants compatible with TLS 1.1:

    CipherSuite TLS_PSK_WITH_AES_128_CBC_SHA256 = {0x00,0xAE};
    CipherSuite TLS_PSK_WITH_AES_256_CBC_SHA384 = {0x00,0xAF};
    CipherSuite TLS_PSK_WITH_NULL_SHA256        = {0x00,0xB0};
    CipherSuite TLS_PSK_WITH_NULL_SHA384        = {0x00,0xB1};

By tracing how current cipher suites are implemented, I was able to go as far as being able to display these ciphers using the "openssl ciphers -V PSK" command and using them to start up a client and server. However, I am getting handshake failure because the server can't find a match for the new cipher suite when presented by the client. As far as I can tell the issue is that the "ssl3_get_cipher_by_char()" function in s3_lib.c returns an empty list when presented with new ids.

Any hints on what I need to do to make this work?

Thanks,
Lindani