RSA-PSK key exchange requires TLS 1.x It's not clear if, with SSL3, one should include send the two length bytes for EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.

commit: a04fa4fa040e02d2588bb82f75b19ba94a10d26e [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Sun Jul 13 16:16:44 2014 +0200
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Aug 14 11:34:34 2014 +0200
tree: 6091a94675cdd92f1028be0274b66fdb961e755e
parent: e46aa5e336dfdbc302044f0c5451abdd2e98ddb6 [diff]
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 84e8120..b05b8dd 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c

@@ -1444,13 +1444,13 @@
 #if defined(POLARSSL_SHA1_C)
     { TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
       POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
-      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
       0 },
 
     { TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
       POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
-      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
       0 },
 #endif /* POLARSSL_SHA1_C */
@@ -1500,7 +1500,7 @@
 #if defined(POLARSSL_SHA1_C)
     { TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
       POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
-      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
       0 },
 #endif /* POLARSSL_SHA1_C */
@@ -1511,7 +1511,7 @@
 #if defined(POLARSSL_SHA1_C)
     { TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
       POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
-      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
       0 },
 #endif /* POLARSSL_SHA1_C */
@@ -1628,7 +1628,7 @@
 #if defined(POLARSSL_SHA1_C)
     { TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
       POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
-      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
+      SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
       SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
       POLARSSL_CIPHERSUITE_WEAK },
 #endif /* POLARSSL_SHA1_C */
commit	a04fa4fa040e02d2588bb82f75b19ba94a10d26e	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Sun Jul 13 16:16:44 2014 +0200
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Thu Aug 14 11:34:34 2014 +0200
tree	6091a94675cdd92f1028be0274b66fdb961e755e
parent	e46aa5e336dfdbc302044f0c5451abdd2e98ddb6 [diff]