manpagez: man pages & more
info gnutls
Home | html | info | man
[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

8.2.1 Example client PSK connection

If your server only supports the PSK ciphersuite, connecting to it should be as simple as connecting to the server:

 
$ ./gnutls-cli -p 5556 localhost
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- PSK client callback. PSK hint 'psk_identity_hint'
Enter PSK identity: psk_identity
Enter password: 
- PSK authentication. PSK hint 'psk_identity_hint'
- Version: TLS1.1
- Key Exchange: PSK
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

If the server supports several cipher suites, you may need to force it to chose PSK by using a cipher priority parameter such as --priority NORMAL:+PSK:-RSA:-DHE-RSA:-DHE-PSK.

Instead of using the Netconf-way to derive the PSK key from a password, you can also give the PSK username and key directly on the command line:

 
$ ./gnutls-cli -p 5556 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 
Resolving 'localhost'...
Connecting to '127.0.0.1:5556'...
- PSK authentication. PSK hint 'psk_identity_hint'
- Version: TLS1.1
- Key Exchange: PSK
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

By keeping the --pskusername parameter and removing the --pskkey parameter, it will query only for the password during the handshake.


© manpagez.com 2000-2024
Individual documents may contain additional copyright information.