  1. Qt
  2. QTBUG-95670

PSK doesn't work when both the client and server use TLS 1.3

    Details

    • Platform/s:
      All

      Description

      When OpenSSL started supporting TLS 1.3, we noticed that QSslSocket would emit the PSK signal for every connection. To work around that we merged this patch:
      https://codereview.qt-project.org/c/qt/qtbase/+/264895
      This fixed the issue, suppressing the 0-RTT PSK callback from OpenSSL. And in our testing, there was no problem since the test servers we tested with didn't yet use or support TLS 1.3, so the handshake fell back to TLS 1.2 and queried for PSK again, but this time we do emit the signal.

      Because the server was falling back to TLS 1.2 it wasn't noticed that if the client and server both use TLS 1.3 there is no room for the user to transmit the PSK (this would still be 0-RTT and would not have the identity hint set)!

      We should investigate some ways to mitigate this (TLS 1.3 specific signal could be one option) or, at the very least, document the behavior.

              People

              Assignee:
              manordheim Mårten Nordheim
              Reporter:
              manordheim Mårten Nordheim
              PM Owner:
              Vladimir Minenko Vladimir Minenko