stackoom
  简体   繁体   中英

Is there a public psk server to test tls handshake?

 原文  2016-11-20 15:12:41       ssl/ openssl/ handshake/ tls-psk

Question

What I want is test tls handshake when psk is active. I also want to see every http header exchanged during the connection between client (my laptop) and public server. Now I am wondering if there is a public psk tls server where I can do my test.

Regards.

2 answers

solution1
 4 ACCPTED  2016-11-20 15:32:47

I doubt that there is a web server using PSK on the internet open for public testing. Also I doubt that browsers support PSK cipher suites. But you can setup your own web server using PSK with openssl: 

openssl s_server -psk 1a2b3c4d -nocert -www

And the matching client: 

openssl s_client -connect 127.0.0.1:4433 -psk 1a2b3c4d

As for the HTTP protocol: it is independent from the TLS layer, ie it does not change if PSK or the normal authentication with certificates is used.

solution2
 0  2016-11-21 09:38:09

Even if some public TLS Server were to support PSK, you won't be able to test your client with it. There is a fundamental difference between the way public key authentication (which is used by most of the TLS Servers) work and PSK.

Public Key Authentication: Incase of Public Key Server Authentication (the ones that doesn't involve Client Authentication), the server sends a Certificate, which contains a Public Key and Client encrypts it's pre-master secret and sends it to server which only the server can decrypt. In this way both have the same pre-master secret and can use the same set of derivations to further derive the final key.

Pre-Shared key: As the name indicates the pre-shared requires both parties to have the same key pre-shared among themselves. They just exchange the IDs between them to indicate which of the Pre-Shared they will be using to generate the final key.

So, even if there is a server which supports PSK, you should have the same set of (or atleast one) of the keys which it has, which is impossible as those servers won't share their keys with anyone apart from whom it is supposed to be shared with (the legit clients).

So, the best way for you is to use openssl's test client and server tools and test it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question TLS/PSK key length OpenSSL TLS/DTLS PSK How to establish a TLS coonection in TLS-PSK mode between a USIM sim card as client and a server? TLS connection with PSK using Bouncycastle Java TLS-PSK socket TLS Handshake error after server hello Done Preshared keys (TLS-PSK-WITH-AES-256-CBC-SHA) with node.js server How to use TLS_PSK in java on both server side and client side Retrieve public server certificate key during handshake How to do TLS 1.3 PSK using openssl?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM