Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 0d2bd0e..e154442 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -3046,11 +3046,6 @@
/* Write the ECDH computation length before the ECDH computation */
MBEDTLS_PUT_UINT16_BE( zlen, pms, 0 );
pms += zlen_size + zlen;
-
- /* In case of opaque psk skip writting psk to pms.
- * Opaque key will be handled later. */
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque ECDHE-PSK" ) );
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
@@ -3164,26 +3159,18 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK)
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque PSK" ) );
- }
- else
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK)
- {
- MBEDTLS_SSL_DEBUG_MSG( 1,
- ( "skip PMS generation for opaque RSA-PSK" ) );
- }
- else
+ if( ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_PSK &&
+ ciphersuite_info->key_exchange != MBEDTLS_KEY_EXCHANGE_RSA_PSK )
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
- if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
- ciphersuite_info->key_exchange ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1,
- "mbedtls_ssl_psk_derive_premaster", ret );
- return( ret );
+ if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
+ ciphersuite_info->key_exchange ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_psk_derive_premaster", ret );
+ return( ret );
+ }
}
}
else
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index f7cceed..0c8f0f5 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -3983,18 +3983,14 @@
return( MBEDTLS_ERR_SSL_DECODE_ERROR );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* For opaque PSKs, we perform the PSK-to-MS derivation automatically
- * and skip the intermediate PMS. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
-#else
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
@@ -4026,18 +4022,14 @@
return( ret );
}
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- /* For opaque PSKs, we perform the PSK-to-MS derivation automatically
- * and skip the intermediate PMS. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque RSA-PSK" ) );
-#else
+#if !defined(MBEDTLS_USE_PSA_CRYPTO)
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
else
#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
@@ -4147,9 +4139,6 @@
MBEDTLS_PUT_UINT16_BE( zlen, psm, 0 );
psm += zlen_size + zlen;
- /* In case of opaque psk skip writting psk to pms.
- * Opaque key will be handled later. */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque ECDHE-PSK" ) );
#else /* MBEDTLS_USE_PSA_CRYPTO */
if( ( ret = ssl_parse_client_psk_identity( ssl, &p, end ) ) != 0 )
{
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dcee5df..64d1aac 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6399,8 +6399,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6414,8 +6412,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6429,8 +6425,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6444,8 +6438,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque PSK"\
- -S "skip PMS generation for opaque PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6459,8 +6451,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6474,8 +6464,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6489,8 +6477,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6504,8 +6490,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque RSA-PSK"\
- -S "skip PMS generation for opaque RSA-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6519,8 +6503,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6534,8 +6516,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6549,8 +6529,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6564,8 +6542,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque ECDHE-PSK"\
- -S "skip PMS generation for opaque ECDHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6579,8 +6555,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6594,8 +6568,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6609,8 +6581,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6624,8 +6594,6 @@
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123 psk_opaque=1" \
0 \
- -c "skip PMS generation for opaque DHE-PSK"\
- -S "skip PMS generation for opaque DHE-PSK"\
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6639,8 +6607,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6654,8 +6620,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6672,8 +6636,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6688,8 +6650,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6701,8 +6661,6 @@
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6716,8 +6674,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6734,8 +6690,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6750,8 +6704,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6763,8 +6715,6 @@
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6778,8 +6728,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6796,8 +6744,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6812,8 +6758,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6825,8 +6769,6 @@
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6840,8 +6782,6 @@
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=foo psk=abc123" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6858,8 +6798,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6874,8 +6812,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6887,8 +6823,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6902,8 +6836,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6920,8 +6852,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6936,8 +6866,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6949,8 +6877,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6964,8 +6890,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -6982,8 +6906,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -6998,8 +6920,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque RSA-PSK"\
- -s "skip PMS generation for opaque RSA-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7011,8 +6931,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7026,8 +6944,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7044,8 +6960,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7060,8 +6974,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque ECDHE-PSK"\
- -s "skip PMS generation for opaque ECDHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7073,8 +6985,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7088,8 +6998,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7106,8 +7014,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7122,8 +7028,6 @@
0 \
-c "session hash for extended master secret"\
-s "session hash for extended master secret"\
- -C "skip PMS generation for opaque DHE-PSK"\
- -s "skip PMS generation for opaque DHE-PSK"\
-S "SSL - The handshake negotiation failed" \
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
@@ -7135,8 +7039,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7150,8 +7052,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
- -s "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7165,7 +7065,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \
@@ -7179,7 +7078,6 @@
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
psk_identity=def psk=beef" \
0 \
- -C "skip PMS generation for opaque PSK"\
-C "session hash for extended master secret"\
-S "session hash for extended master secret"\
-S "SSL - The handshake negotiation failed" \