8.2.1 Example client PSK connection
If your server supports only the PSK ciphersuite, connecting to it should be as simple as running gnutls-cli against it:

    $ ./gnutls-cli -p 5556 localhost
    Resolving 'localhost'...
    Connecting to '127.0.0.1:5556'...
    - PSK client callback. PSK hint 'psk_identity_hint'
    Enter PSK identity: psk_identity
    Enter password:
    - PSK authentication. PSK hint 'psk_identity_hint'
    - Version: TLS1.1
    - Key Exchange: PSK
    - Cipher: AES-128-CBC
    - MAC: SHA1
    - Compression: NULL
    - Handshake was completed

    - Simple Client Mode:

If the server supports several cipher suites, you may need to force it to choose PSK by using a cipher priority parameter such as --priority NORMAL:+PSK:-RSA:-DHE-RSA:-DHE-PSK.

Instead of using the Netconf-way to derive the PSK key from a password, you can also give the PSK username and key directly on the command line:

    $ ./gnutls-cli -p 5556 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344
    Resolving 'localhost'...
    Connecting to '127.0.0.1:5556'...
    - PSK authentication. PSK hint 'psk_identity_hint'
    - Version: TLS1.1
    - Key Exchange: PSK
    - Cipher: AES-128-CBC
    - MAC: SHA1
    - Compression: NULL
    - Handshake was completed

    - Simple Client Mode:

By keeping the --pskusername parameter and removing the --pskkey parameter, gnutls-cli will query only for the password during the handshake.
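
The password-to-key step mentioned above, as an added example that is not part of the original manual or of GnuTLS itself: it assumes the "Netconf way" is the derivation from RFC 5539, PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) + psk_identity_hint). The function names and the sample password are constructed for illustration.

```python
import hashlib

# Fixed pad string from the RFC 5539 derivation (assumed to be the "Netconf way").
NETCONF_KEY_PAD = b"Key Pad for Netconf"


def netconf_derive_psk(identity: str, password: str, hint: str) -> bytes:
    """Return PSK = SHA-1(SHA-1(identity + pad + password) + identity_hint)."""
    inner = hashlib.sha1(
        identity.encode("utf-8") + NETCONF_KEY_PAD + password.encode("utf-8")
    ).digest()
    # The raw 20-byte inner digest (not its hex form) is concatenated with
    # the hint the server sent during the handshake.
    return hashlib.sha1(inner + hint.encode("utf-8")).digest()


def pskkey_argument(identity: str, password: str, hint: str) -> str:
    """Hex string in the form accepted by --pskkey (40 hex digits)."""
    return netconf_derive_psk(identity, password, hint).hex()


if __name__ == "__main__":
    # Identity and hint are taken from the session above; the password is a
    # constructed sample, so the output will not match the key on this page.
    identity, hint = "psk_identity", "psk_identity_hint"
    password = "constructed-sample-password"

    key = pskkey_argument(identity, password, hint)
    print("--pskusername", identity, "--pskkey", key)

    # The server's hint is an input to the derivation: a different hint
    # yields a different key for the same identity and password.
    print("other hint:", pskkey_argument(identity, password, "another_hint"))
```

A key given with --pskkey is visible in the process list and shell history, which is one reason to prefer the password prompt on shared hosts.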