Skip to content

Commit

Permalink
doc: update outdated section on TLSv1.3-PSK
Browse files Browse the repository at this point in the history
Recent OpenSSL versions support PSKs with non-SHA-256 TLSv1.3 ciphers,
e.g., TLS_AES_256_GCM_SHA384.

PR-URL: #48123
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
  • Loading branch information
tniessen authored and targos committed May 30, 2023
1 parent 281dfaf commit 5497c13
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -173,8 +173,8 @@ low-entropy sources is not secure.
PSK ciphers are disabled by default, and using TLS-PSK thus requires explicitly
specifying a cipher suite with the `ciphers` option. The list of available
ciphers can be retrieved via `openssl ciphers -v 'PSK'`. All TLS 1.3
ciphers are eligible for PSK but currently only those that use SHA256 digest are
supported they can be retrieved via `openssl ciphers -v -s -tls1_3 -psk`.
ciphers are eligible for PSK and can be retrieved via
`openssl ciphers -v -s -tls1_3 -psk`.

According to the [RFC 4279][], PSK identities up to 128 bytes in length and
PSKs up to 64 bytes in length must be supported. As of OpenSSL 1.1.0
Expand Down

0 comments on commit 5497c13

Please sign in to comment.