Hi, I recently noticed that PolarSSL and GnuTLS fail to interop when using RSA-PSK ciphersuites with SSLv3. The reason is, PolarSSL uses EncryptPreMasterSecret without initial length bytes, as was done in SSLv3, but GnuTLS wants the length bytes (as in TLS 1.x).
RFC 4279 says:

    The EncryptedPreMasterSecret field sent from the client to the server
    contains a 2-byte version number and a 46-byte random value, encrypted
    using the server's RSA public key as described in Section 7.4.7.1 of
    [RFC2246]

So it refers to RFC 2246 which defines TLS 1.0, which was current when RFC 4279 was published, but doesn't say anything about previous versions. There are (at least) two ways to interpret this silence:

1. Do as in TLS 1.0 even with older versions.
2. Encode EncryptedPreMasterSecret as is usually done in the active version.

GnuTLS does (1) and PolarSSL does (2), hence the interop issue. Of course a third way to interpret this silence might be to limit RSA-PSK suites to TLS 1.x, where there is no possible ambiguity.

Before taking any action, I wanted to check with you. What's your opinion on this matter?

Manuel.

PS: according to Wikipedia's comparison of TLS implementations, we'd be the only libraries implementing RSA-PSK.

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
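The two encodings the mail contrasts, as an added illustration that is not GnuTLS or PolarSSL code: the RSA_PSK ClientKeyExchange body from RFC 4279 section 3 (psk_identity, then EncryptedPreMasterSecret) is built either with the 2-byte length prefix (the TLS 1.x form) or raw (the SSLv3 form), and a parser committed to one convention is fed the other. The identity string and the 256-byte stand-in for an RSA-2048 ciphertext are constructed values; no real RSA encryption is performed.

```python
import struct

def encode_cke(psk_identity: bytes, enc_pms: bytes, length_prefixed: bool) -> bytes:
    """RSA_PSK ClientKeyExchange body (RFC 4279 section 3): psk_identity<0..2^16-1>
    then EncryptedPreMasterSecret, with the 2-byte length the mail says GnuTLS
    expects (TLS 1.x form) or raw as PolarSSL sends it (SSLv3 form)."""
    body = struct.pack("!H", len(psk_identity)) + psk_identity
    if length_prefixed:
        body += struct.pack("!H", len(enc_pms))
    return body + enc_pms

def decode_cke(body: bytes, rsa_modulus_len: int, length_prefixed: bool):
    """Parse under one convention; ValueError is the mismatch a peer using the
    other convention hits. Returns (psk_identity, encrypted_pms)."""
    (id_len,) = struct.unpack("!H", body[:2])
    identity, rest = body[2:2 + id_len], body[2 + id_len:]
    if len(identity) != id_len:
        raise ValueError("truncated psk_identity")
    if length_prefixed:
        (pms_len,), rest = struct.unpack("!H", rest[:2]), rest[2:]
        if pms_len != len(rest):
            raise ValueError(f"EncryptedPreMasterSecret length {pms_len}, {len(rest)} bytes remain")
    # With or without the prefix, the RSA ciphertext is exactly one modulus long.
    if len(rest) != rsa_modulus_len:
        raise ValueError(f"ciphertext is {len(rest)} bytes, modulus is {rsa_modulus_len}")
    return identity, rest

def detect_convention(body: bytes, rsa_modulus_len: int) -> str:
    """Diagnostic for a captured ClientKeyExchange body: 'tls', 'ssl3' or 'unknown'."""
    for name, prefixed in (("tls", True), ("ssl3", False)):
        try:
            decode_cke(body, rsa_modulus_len, prefixed)
            return name
        except (ValueError, struct.error):
            pass
    return "unknown"

# Constructed sample: a 256-byte stand-in for an RSA-2048 ciphertext (no real RSA is done).
FAKE_ENC_PMS = bytes(range(256))
RSA_LEN = 256

def interop_mismatch() -> str:
    """The mail's failure: a TLS-style parser is fed the SSLv3-style encoding."""
    body = encode_cke(b"client@example", FAKE_ENC_PMS, length_prefixed=False)
    try:
        decode_cke(body, RSA_LEN, length_prefixed=True)
    except ValueError as e:
        return str(e)
    return "parsed without error"
```

Because the first two ciphertext bytes are read as a length, the TLS-style parser rejects the SSLv3-style body with a length mismatch rather than silently decrypting garbage; `detect_convention` gives a quick way to tell which form a captured handshake used.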
