1 (edited by cxenof03 2021-05-23 11:29:00)

Topic: Custom PSK in TLS 1.3 gives -306 error

Hello everyone,

I am trying to modify the NewSessionTicket from a TLS1.3 communication and create a custom smaller session ticket due to some restrictions and to a specific TLS13 application, and additionally, I want to pass some specific data using the NewSessionTicket
I am using the client/server example running them with arguments:

server/client -v 4 -r -s -t -0

Initially, I tried concatenating the custom session ticket and data I needed into the NewSessionTicket and therefore there was no issue. The structure of the NewSessionTicket was:

Session Ticket: [SessionTicket|data|customSessionTicket]

Where the data is 32-bytes and the customSessionTicket is 5-bytes. As shown in [img]customSessionTicket.PNG[/img]
Now though, I want to remove the original NewSessionTicket and in its place add the custom ticket and data at its place. The structure I need must be:

Session Ticket: [data|customSessionTicket]

I can observe that the NewSessionTicket is sent perfectly, with no issue, and the initial handshake works.
Also when the 0-RTT resumption is happening I can see that the client sends the Session Ticket in the PSK Identity: field as it suppose to. Thus the handshake does not happen eventually, as I get an error from the servers side:

SSL_read input error -306, parse error on header

So, how do I fix this issue and be able to send a custom NewSessionTicket where the server will check the last 5 bytes to resume the session?

Thank you in advance
Thank you

Post's attachments

customSessionTicket.PNG
customSessionTicket.PNG 27.52 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Share

Re: Custom PSK in TLS 1.3 gives -306 error

Hi Chris,

I'll ask the team to review this for you...

Re: Custom PSK in TLS 1.3 gives -306 error

Hi Christos,

It appears you want to replace our internal format of the ticket data.
CreateTicket() is where this is created and DoClientTicket() processes the internal data.

You will need to modify these functions to handle the format that you need.

Sean

Share