diff options
author | Matt Caswell <matt@openssl.org> | 2018-08-23 14:37:01 +0100 |
---|---|---|
committer | Paul Yang <yang.yang@baishancloud.com> | 2018-09-01 09:06:10 +0800 |
commit | 354e010757b95d27fb36d364412ee7a5e7111963 (patch) | |
tree | 7dc364d8ee3280ad5d52b8da783ea64f911a30e4 /doc | |
parent | d6c46adf180aa3e29d5dac075fb673bbc273ae08 (diff) |
Add a note in the docs about sharing PSKs between TLSv1.2 and TLSv1.3
Fixes #6490
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Yang <yang.yang@baishancloud.com>
(Merged from https://github.com/openssl/openssl/pull/7044)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/SSL_CTX_set_psk_client_callback.pod | 8 | ||||
-rw-r--r-- | doc/man3/SSL_CTX_use_psk_identity_hint.pod | 10 |
2 files changed, 18 insertions, 0 deletions
diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index 6d1a9b57b7..eb4e4f5fa4 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod @@ -132,6 +132,14 @@ Note that parameter B<hint> given to the callback may be B<NULL>. A connection established via a TLSv1.3 PSK will appear as if session resumption has occurred so that L<SSL_session_reused(3)> will return true. +There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution: + +"While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2." + =head1 RETURN VALUES Return values from the B<SSL_psk_client_cb_func> callback are interpreted as diff --git a/doc/man3/SSL_CTX_use_psk_identity_hint.pod b/doc/man3/SSL_CTX_use_psk_identity_hint.pod index 2b2bc3e20d..c8f7526610 100644 --- a/doc/man3/SSL_CTX_use_psk_identity_hint.pod +++ b/doc/man3/SSL_CTX_use_psk_identity_hint.pod @@ -123,6 +123,16 @@ completely. The B<SSL_psk_find_session_cb_func> callback should return 1 on success or 0 on failure. In the event of failure the connection setup fails. +=head1 NOTES + +There are no known security issues with sharing the same PSK between TLSv1.2 (or +below) and TLSv1.3. However the RFC has this note of caution: + +"While there is no known way in which the same PSK might produce related output +in both versions, only limited analysis has been done. Implementations can +ensure safety from cross-protocol related output by not reusing PSKs between +TLS 1.3 and TLS 1.2." + =head1 SEE ALSO L<SSL_CTX_set_psk_use_session_callback(3)>, |