Discussion:
[Openvpn-users] Security/Usage of tls-cipher with PSK KEX
s***@keemail.me
2017-02-15 07:09:56 UTC
Permalink
Hello.

I'm looking into the security of the offered tls-ciphers, with both OpenSSL and mbedTLS.

Now I've first encountered key exchanges with the use of a pre shared key, offered by mbedTLS.
The PSK appears to be used either on its own or in combination with DHE, ECDHE or RSA.
See the list of relevant cipher suites at the bottom of the mail:

A couple of questions there:
How is this PSK generated and correctly deployed?
Can someone give me a resource, explaining how this works?
What is the security impact of the use of the PSK?
In the cases, where only PSK is used, no additional key exchange, is the PSK used for the TLS encryption?

Kind regards,
SaAtomic

OpenVPN version 2.4.0 and mbedTLS version 2.4.0 (neat coincidence)
# openvpn --show-tls
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384
TLS-DHE-PSK-WITH-AES-256-CCM
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA
TLS-DHE-PSK-WITH-AES-256-CBC-SHA
TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-DHE-PSK-WITH-AES-256-CCM-8
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256
TLS-DHE-PSK-WITH-AES-128-CCM
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA
TLS-DHE-PSK-WITH-AES-128-CBC-SHA
TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-DHE-PSK-WITH-AES-128-CCM-8
TLS-ECDHE-PSK-WITH-3DES-EDE-CBC-SHA
TLS-DHE-PSK-WITH-3DES-EDE-CBC-SHA
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
TLS-RSA-PSK-WITH-AES-256-CBC-SHA
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
TLS-RSA-PSK-WITH-AES-128-CBC-SHA
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA
TLS-PSK-WITH-AES-256-GCM-SHA384
TLS-PSK-WITH-AES-256-CCM
TLS-PSK-WITH-AES-256-CBC-SHA384
TLS-PSK-WITH-AES-256-CBC-SHA
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384
TLS-PSK-WITH-AES-256-CCM-8
TLS-PSK-WITH-AES-128-GCM-SHA256
TLS-PSK-WITH-AES-128-CCM
TLS-PSK-WITH-AES-128-CBC-SHA256
TLS-PSK-WITH-AES-128-CBC-SHA
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256
TLS-PSK-WITH-AES-128-CCM-8
TLS-PSK-WITH-3DES-EDE-CBC-SHA
Steffan Karger
2017-02-17 14:16:37 UTC
Permalink
Hi,
Post by s***@keemail.me
I'm looking into the security of the offered tls-ciphers, with both OpenSSL and mbedTLS.
Now I've first encountered key exchanges with the use of a pre shared
key, offered by mbedTLS.
The PSK appears to be used either on its own or in combination with DHE, ECDHE or RSA.
How is this PSK generated and correctly deployed?
Can someone give me a resource, explaining how this works?
What is the security impact of the use of the PSK?
In the cases, where only PSK is used, no additional key exchange, is the
PSK used for the TLS encryption?
OpenVPN does not support TLS PSK. Compared to the asymmetric key
exchanges we support, it doesn't really bring us anything, but it does
incur extra development time and maintenance cost.

The other questions you ask are quite generic TLS PSK questions, which
are probably best explained by the RFC that introduces PSK:
https://tools.ietf.org/html/rfc4279

It's just 10 pages of actual text, so should be quite digestible.

-Steffan

Loading...