[gnutls-devel] No identity hint when using DHE-PSK

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jul 10 21:19:43 CEST 2015

On Fri, 2015-07-10 at 15:35 +0200, Felix Grehl wrote:
> Hi,
> I'm trying to use the cipher suite
> (TLS1.2)-(DHE-PSK-2048)-(AES-128-CBC)-(SHA1) with the server side. I'm
> setting an identity hint of non-zero length via
> gnutls_psk_set_server_credentials_hint(), but the ServerKeyExchange
> message still doesn't contain any hint (it has zero length). The same
> works fine if I only PSK instead of DHE-PSK (it's actually the very
> same code without setting the DH parameters in the credentials). Is
> this a known issue? My system environment is Win7 with cygwin:
> CYGWIN_NT-6.1-WOW bo3-140219-05 2.0.4(0.287/5/3) 2015-06-09 12:20 i686
> Cygwin I'm using GnuTLS version 3.3.15.

 That is a bug. The hint is not set, nor read in the DHE and ECDHE PSK
ciphersuites. I've committed a fix which will be included in the next
release. Thank you for reporting that.


More information about the Gnutls-devel mailing list