> On Nov 15, 2019, at 4:25 AM, Matt Caswell <[email protected]> wrote:
>
> It might be nice if we added a new option "-pskmd" or similar which
> enabled you to specify the md from the command line without having to
> have a session file first. However that isn't currently possible.
With a saved session there may actually be enough key material to
arrive at non-trivial security. As it stands, the OP wrote:
> PSK=63ef2024b1
> openssl s_client -tls1_3 -psk $PSK -connect :4433 -ciphersuites
> TLS_AES_256_GCM_SHA384
That 40-bit PSK does not provide much security. I would hope that
"in real life" (simple tests aside) the PSKs will have non-trivial
entropy.
--
Viktor.
