RFC Errata
Found 1 record.
Status: Reported (1)
RFC 9257, "Guidance for External Pre-Shared Key (PSK) Usage in TLS", July 2022
Source of RFC: tls (sec)
Errata ID: 7643
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Heikki Vatiainen
Date Reported: 2023-09-17
Section 6.1. Stack Interface says:
* OpenSSL and BoringSSL: Applications can specify support for external PSKs via distinct ciphersuites in TLS 1.2 and below. Also, they can then configure callbacks that are invoked for PSK selection during the handshake. These callbacks must provide a PSK identity and key. The exact format of the callback depends on the negotiated TLS protocol version, with new callback functions added specifically to OpenSSL for TLS 1.3 [RFC8446] PSK support. The PSK length is validated to be between 1-256 bytes (inclusive). The PSK identity may be up to 128 bytes long.
It should say:
* OpenSSL and BoringSSL: Applications can specify support for external PSKs via distinct ciphersuites in TLS 1.2 and below. Also, they can then configure callbacks that are invoked for PSK selection during the handshake. These callbacks must provide a PSK identity and key. The exact format of the callback depends on the negotiated TLS protocol version, with new callback functions added specifically to OpenSSL for TLS 1.3 [RFC8446] PSK support. The PSK length is validated to be between 1-256 bytes (inclusive). The PSK identity may be up to 128 bytes long. OpenSSL 3.0 increased PSK maximum length to 512 bytes and PSK identity maximum length to 256 bytes to match existing implementations and specifications.
Notes:
OpenSSL PSK length and PSK identity length were increased to 256 and 512 octets, respectively, for OpenSSL 3.0. There appear to be implementations and specifications that require these longer lengths. See here for more information:
https://github.com/openssl/openssl/pull/12777
https://github.com/openssl/openssl/pull/12771