| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
8.2.1 Example client PSK connection
If your server only supports the PSK ciphersuite, connecting to it should be as simple as connecting to the server:
$ ./gnutls-cli -p 5556 localhost Resolving 'localhost'... Connecting to '127.0.0.1:5556'... - PSK client callback. Enter PSK identity: psk_identity Enter password: - PSK authentication. - Version: TLS1.1 - Key Exchange: PSK - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode: |
If the server supports several cipher suites, you may need to force it to chose PSK by using a cipher priority parameter such as in the example below:
$ ./gnutls-cli -p 5556 localhost --pskusername psk_identity \ --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 \ --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK Resolving 'localhost'... Connecting to '127.0.0.1:5556'... - PSK authentication. - Version: TLS1.1 - Key Exchange: PSK - Cipher: AES-128-CBC - MAC: SHA1 - Compression: NULL - Handshake was completed - Simple Client Mode: |
By keeping the --pskusername parameter and removing the
--pskkey parameter, it will query only for the password during
the handshake.