Hi, this is not too serious for me, but I noticed a slight behavior change with external PSK auth.
I tested with the following 3 strategies (in ptls_context_t):
- NO_KEY_SHARE: key_exchanges = NULL and require_dhe_on_psk = false
- DEFAULT: key_exchanges is set and require_dhe_on_psk = false
- DHE_REQUIRED: key_exchanges is set and require_dhe_on_psk = true
Earlier when I was using rev d4987ca (on kazuho/psk2 branch) I saw this behavior:
|
client NO_KEY_SHARE |
client DEFAULT |
client DHE_REQUIRED |
server NO_KEY_SHARE |
PSK-only |
PSK-only |
handshake_failure |
server DEFAULT |
PSK-only |
PSK-only |
PSK+DHE |
server DHE_REQUIRED |
handshake_failure |
PSK+DHE |
PSK+DHE |
Now after upgrading to latest master, I see this behavior (two scenarios changed, marked with a ✱):
|
client NO_KEY_SHARE |
client DEFAULT |
client DHE_REQUIRED |
server NO_KEY_SHARE |
PSK-only |
PSK-only |
handshake_failure |
server DEFAULT |
missing_extension ✱ |
PSK-only |
PSK+DHE |
server DHE_REQUIRED |
missing_extension ✱ |
PSK+DHE |
PSK+DHE |
I think the change from handshake_failure to missing_extension in the scenario where client has NO_KEY_SHARE and server has DHE_REQUIRED is fine and good. We're still failing, just with a different and arguably better error. I think the new error makes a lot of sense, given that the key_share is missing but the server requires it in this case.
The one I am concerned about is the change where client has NO_KEY_SHARE and server is DEFAULT. This was succeeding before and using PSK-only mode, but now it fails with missing_extension. Is this an intentional change? Why should this not succeed?
Thanks!
Hi, this is not too serious for me, but I noticed a slight behavior change with external PSK auth.
I tested with the following 3 strategies (in
ptls_context_t):Earlier when I was using rev d4987ca (on kazuho/psk2 branch) I saw this behavior:
NO_KEY_SHAREDEFAULTDHE_REQUIREDNO_KEY_SHAREDEFAULTDHE_REQUIREDNow after upgrading to latest master, I see this behavior (two scenarios changed, marked with a ✱):
NO_KEY_SHAREDEFAULTDHE_REQUIREDNO_KEY_SHAREDEFAULTDHE_REQUIREDI think the change from handshake_failure to missing_extension in the scenario where client has
NO_KEY_SHAREand server hasDHE_REQUIREDis fine and good. We're still failing, just with a different and arguably better error. I think the new error makes a lot of sense, given that the key_share is missing but the server requires it in this case.The one I am concerned about is the change where client has
NO_KEY_SHAREand server isDEFAULT. This was succeeding before and using PSK-only mode, but now it fails with missing_extension. Is this an intentional change? Why should this not succeed?Thanks!