Hello.

I'm looking into the security of the offered TLS ciphers, with both OpenSSL and 
mbedTLS.

Now I've first encountered key exchanges with the use of a pre-shared key, 
offered by mbedTLS.
The PSK appears to be used either on its own or in combination with DHE, ECDHE 
or RSA.
See the list of relevant cipher suites at the bottom of the mail.

A couple of questions there:
How is this PSK generated and correctly deployed?
Can someone give me a resource explaining how this works?
What is the security impact of the use of the PSK?
In the cases where only PSK is used, with no additional key exchange, is the PSK 
used for the TLS encryption?

Kind regards,
SaAtomic

OpenVPN version 2.4.0 and mbedTLS version 2.4.0 (neat coincidence) 
# openvpn --show-tls
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
TLS-DHE-PSK-WITH-AES-256-CCM
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA
TLS-DHE-PSK-WITH-AES-256-CBC-SHA
TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-DHE-PSK-WITH-AES-256-CCM-8
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
TLS-DHE-PSK-WITH-AES-128-CCM
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA
TLS-DHE-PSK-WITH-AES-128-CBC-SHA
TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-DHE-PSK-WITH-AES-128-CCM-8
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
TLS-RSA-PSK-WITH-AES-256-CBC-SHA
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
TLS-RSA-PSK-WITH-AES-128-CBC-SHA
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA
TLS-PSK-WITH-AES-256-GCM-SHA384
TLS-PSK-WITH-AES-256-CCM
TLS-PSK-WITH-AES-256-CBC-SHA384
TLS-PSK-WITH-AES-256-CBC-SHA
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-PSK-WITH-AES-256-CCM-8
TLS-PSK-WITH-AES-128-GCM-SHA256
TLS-PSK-WITH-AES-128-CCM
TLS-PSK-WITH-AES-128-CBC-SHA256
TLS-PSK-WITH-AES-128-CBC-SHA
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-PSK-WITH-AES-128-CCM-8
TLS-PSK-WITH-3DES-EDE-CBC-SHA
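
An added example, not part of the original mail: a shell filter that groups suite names like those listed above by key exchange and marks which ones add an ephemeral DHE/ECDHE exchange on top of the PSK. The function names and flag labels are made up for this sketch, and the five sample names are copied from the list.

```shell
#!/bin/sh
# Classify TLS-*-PSK-* suite names (mbedTLS naming) read from stdin.
# Typical use: openvpn --show-tls | classify_psk_suites
classify_psk_suites() {
    awk '
    /^TLS-.*PSK-WITH-/ {
        split($1, half, "-WITH-")
        kex = half[1]
        sub(/^TLS-/, "", kex)          # PSK, DHE-PSK, ECDHE-PSK or RSA-PSK
        # DHE/ECDHE mix an ephemeral exchange into the key, so a PSK that
        # leaks later does not expose recorded sessions (forward secrecy).
        # Plain PSK and RSA-PSK do not have that property.
        fs = (kex ~ /^(DHE|ECDHE)-PSK$/) ? "yes" : "no"
        note = ""
        if (half[2] ~ /3DES/)   note = note " 3des"       # 64-bit block cipher
        if (half[2] ~ /CCM-8$/) note = note " short-tag"  # 8-byte auth tag
        if (half[2] ~ /CBC/)    note = note " cbc"        # MAC-then-encrypt mode
        printf "%s\tkex=%s\tfs=%s\tflags=%s\n", $1, kex, fs, (note == "" ? "-" : substr(note, 2))
    }'
}

# Sample input: five names copied from the list in the mail.
sample_suites() {
    cat <<'EOF'
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
TLS-DHE-PSK-WITH-AES-128-CCM-8
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
TLS-PSK-WITH-AES-256-GCM-SHA384
TLS-PSK-WITH-3DES-EDE-CBC-SHA
EOF
}

sample_suites | classify_psk_suites
```
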