I've got mbedTLS 3.1.4 and want to use TLS 1.3. My handshake fails very early because I don't have any Pre-Shared Keys. Does mbedTLS TLS1.3 only support PSKs, or can I still use generated session keys as does TLS 1.2? If so, how?
Jeff Thompson | Senior Electrical Engineer - Firmware +1 704 752 6513 x1394 www.invue.com
[cid:image001.gif@01D9D729.620C6230]
Hi Jeff,
Mbed TLS 3.4 supports ECDH/FFDH/PSK for key exchange and RSA/ECDSA/PSK for authentication in TLS 1.3. I'm not sure what you mean by “generated session keys”: are you trying to do session resumption, or a handshake authenticated with an X.509 certificate?
Best regards,
I misunderstood the PSA feature, and the error I was getting, and thought I needed to provide PSK because I was missing a call to psa_crypto_init. I’m now getting further, with the current hurdle being ‘x509_verify_cert() returned -9984 (-0x2700)’.
Jeff Thompson | Senior Electrical Engineer - Firmware +1 704 752 6513 x1394 www.invue.com
[cid:image001.gif@01D9D755.C0FDC9B0]
From: Gilles Peskine via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: Friday, August 25, 2023 12:15 PM To: mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] Re: Does mbedTLS TLS1.3 only support PSK?
Hi Jeff,
Mbed TLS 3.4 supports ECDH/FFDH/PSK for key exchange and RSA/ECDSA/PSK for authentication in TLS 1.3. I'm not sure what you mean by “generated session keys”: are you trying to do session resumption, or a handshake authenticated with an X.509 certificate?
Best regards,
-- Gilles Peskine Mbed TLS developer
On 25/08/2023 13:55, Thompson, Jeff via mbed-tls wrote: I’ve got mbedTLS 3.1.4 and want to use TLS 1.3. My handshake fails very early because I don’t have any Pre-Shared Keys. Does mbedTLS TLS1.3 only support PSKs, or can I still use generated session keys as does TLS 1.2? If so, how?
Jeff Thompson | Senior Electrical Engineer - Firmware +1 704 752 6513 x1394 www.invue.com
[cid:image001.gif@01D9D755.C0FDC9B0]
mbed-tls@lists.trustedfirmware.org
-
Gilles Peskine -
Thompson, Jeff