Commit 354e0107, authored by Matt Caswell, committed by Paul Yang

Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3

parent d6c46adf
+8 −0
@@ -132,6 +132,14 @@ Note that parameter B<hint> given to the callback may be B<NULL>.
A connection established via a TLSv1.3 PSK will appear as if session resumption
has occurred so that L<SSL_session_reused(3)> will return true.

There are no known security issues with sharing the same PSK between TLSv1.2 (or
below) and TLSv1.3. However the RFC has this note of caution:

"While there is no known way in which the same PSK might produce related output
in both versions, only limited analysis has been done.  Implementations can
ensure safety from cross-protocol related output by not reusing PSKs between
TLS 1.3 and TLS 1.2."

=head1 RETURN VALUES

Return values from the B<SSL_psk_client_cb_func> callback are interpreted as
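
Review bot: "the RFC" in the sentence "However the RFC has this note of caution:" is never identified, so a reader of this page cannot locate the quoted text or check whether the caution still stands; name the document and the section the quote comes from. The new paragraph is also appended directly after the L<SSL_session_reused(3)> text with no heading, while the same paragraph in the other file is placed under its own =head1 NOTES; use the same placement in both so the note is equally easy to find.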
+10 −0
@@ -123,6 +123,16 @@ completely.
The B<SSL_psk_find_session_cb_func> callback should return 1 on success or 0 on
failure. In the event of failure the connection setup fails.

=head1 NOTES

There are no known security issues with sharing the same PSK between TLSv1.2 (or
below) and TLSv1.3. However the RFC has this note of caution:

"While there is no known way in which the same PSK might produce related output
in both versions, only limited analysis has been done.  Implementations can
ensure safety from cross-protocol related output by not reusing PSKs between
TLS 1.3 and TLS 1.2."

=head1 SEE ALSO

L<SSL_CTX_set_psk_use_session_callback(3)>,
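
Review bot: the paragraph under the new =head1 NOTES is a verbatim copy of the one added in the other file, so the two copies will drift if the wording is revised later; consider keeping the full text in one page and pointing to it from the other with an L<> link. The note also stops at quoting the caution without telling the application developer what to do with it: if the advice is meant to be actionable, add a sentence saying that an application wanting to follow it should provision separate PSKs for TLSv1.3 and for TLSv1.2 (or below).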