[stunnel-users] PSK mode does not work correctly with TLSv1.3
zizazit at protonmail.com
Wed Nov 21 11:46:30 CET 2018
In TLSv1.3, session resumption has been reworked to be the same way as PSK. The client attempts resumption by appending a ticket as PSK identity to the head of the list.
With OpenSSL 1.1.1, the server side should use the new SSL_CTX_set_psk_find_session_callback() callback instead of SSL_CTX_set_psk_server_callback() which is used by stunnel now.
Because stunnel only verifies against the first PSK identity, stunnel will fail for every other connections it makes. This impacts the default configuration when running with OpenSSL 1.1.1 because TLSv1.3 is enabled by default. It may be confusing because only half of the connections will fail as the client will try to resume the last successful session for every second connections.
I purpose that stunnel should switch to SSL_CTX_set_psk_find_session_callback() for OpenSSL 1.1.1, and that it preferably should default to a maximum version of TLSv1.2 because it might be compiled with OpenSSL 1.0.x but runs with OpenSSL 1.1.1 which will enable TLSv1.3 automatically.
More information about the stunnel-users