Why is OpenSSL s_server expecting a key & certificate in the case of a PSK cipher test?

Asked by AmitSinha in Cyber Security, asked on Apr 18, 2022

I am new to the security domain.

In the case of PSK, why is openssl s_server expecting a certificate and key? If I don't provide them, it gives errors like the ones below.


$ openssl s_server -psk fcc56e7668194a4775e5b36e2735551a -accept 1440 -cipher PSK-AES128-CBC-SHA
Error opening server certificate private key file server.pem
139623549462168:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('server.pem','r')
139623549462168:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load server certificate private key file

If I provide a certificate, then openssl s_server starts:


$ openssl s_server -psk fcc56e7668194a4775e5b36e2735551a -key key.pem -accept 1440 -cipher PSK-AES128-CBC-SHA -psk_hint Client_identity

openssl s_client doesn't need a certificate:


$ openssl s_client -connect localhost:1440 -psk fcc56e7668194a4775e5b36e2735551a 

I have the following questions:


The certificate and key are not going to be used by the client; only the PSK will be used, so why does s_server need a certificate?

Is this the right approach to test PSK using the openssl server and client?

I am using an RSA key with the openssl server to verify the PSK-AES128-CBC-SHA cipher. Is this the right key format to verify this cipher?

Answered by Anil Jha

You have to explicitly use the -nocert option so that it will not try to load the default certificate:


$ openssl s_server -psk fcc56e7668194a4775e5b36e2735551a -accept 1440 \
   -cipher PSK-AES128-CBC-SHA \
   -nocert

Using default temp DH parameters

ACCEPT

  • The certificate and key are not going to be used by the client; only the PSK will be used, so why does s_server need a certificate?
    A TLS server is usually used with a certificate and therefore s_server expects one by default (and has a default path where it expects it). A TLS client is usually used without a certificate and therefore s_client does not expect one.
  • Is this the right approach to test PSK using the openssl server and client?
    Apart from adding the -nocert option and omitting the certificate, yes.
  • I am using an RSA key with the openssl server to verify the PSK-AES128-CBC-SHA cipher. Is this the right key format to verify this cipher?
    No certificate is used when using PSK, which means no RSA key is used either.
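
The test from the answer above can be run end to end on loopback, as an added example that is not part of the original question or answer. It starts s_server with -nocert and checks that a client holding the PSK gets a response while a client with a different key does not. The function names, the port argument, the -www and -tls1_2 options and the second key are assumptions of this example.

```shell
#!/bin/sh
# Added example: loopback PSK handshake test with no certificate on the server.
# PSK and cipher are taken from the question; function names, the port argument,
# -www/-tls1_2 and the "wrong" key below are assumptions of this example.
PSK=fcc56e7668194a4775e5b36e2735551a
CIPHER=PSK-AES128-CBC-SHA

# psk_get PORT KEY: succeeds only if an HTTP response comes back over the
# PSK session, i.e. the handshake completed and application data flowed.
psk_get() {
    printf 'GET / HTTP/1.0\r\n\r\n' |
        openssl s_client -quiet -connect "127.0.0.1:$1" -tls1_2 \
            -cipher "$CIPHER" -psk "$2" 2>/dev/null |
        grep -q '200 ok'
}

# psk_selftest PORT: returns 0 if the right key works and a wrong key fails,
# 1 if the right key never connected, 2 if the wrong key was accepted.
psk_selftest() {
    port=$1
    # -nocert: do not try to load the default server.pem.
    # -www: answer GET with a status page instead of reading stdin, so the
    # server keeps accepting connections while running in the background.
    openssl s_server -psk "$PSK" -accept "$port" -cipher "$CIPHER" \
        -nocert -tls1_2 -www >/dev/null 2>&1 &
    srv=$!
    ok=1
    # Retry while the listener comes up.
    for try in 1 2 3 4 5; do
        if psk_get "$port" "$PSK"; then ok=0; break; fi
        sleep 1
    done
    # Constructed wrong key: this client must not receive a response.
    if [ "$ok" -eq 0 ] && psk_get "$port" 00112233445566778899aabbccddeeff; then
        ok=2
    fi
    kill "$srv" 2>/dev/null
    wait "$srv" 2>/dev/null
    return "$ok"
}
```

Run `psk_selftest 1440` after loading the functions; checking for the HTTP response rather than the cipher line in s_client's output avoids treating a handshake that failed after cipher selection as a success.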


