PSK value max size in OpenSSL 1.1.1 is wrong in documentation

XMLWordPrintable

    • Type: Documentation task
    • Resolution: Fixed
    • Priority: Major
    • 5.2 (plan)
    • Affects Version/s: 5.0.2, 5.2.0alpha1
    • Component/s: Documentation (D)
    • Environment:
      CentOS 8
      Zabbix 5

      Steps to reproduce:

      1. Install zabbix-agent from offical repo
      2. Check OpenSSL used version (by zabbix_agentd -V)
      3. Use 512 hexa characters PSK key

      Result:

      zabbix_agentd -V return :

      Compiled with OpenSSL 1.1.1c FIPS 28 May 2019
      Running with OpenSSL 1.1.1c FIPS 28 May 2019

      Everything running correctly
      Expected:
      Update or clarify documentation :

      https://www.zabbix.com/documentation/current/manual/encryption/using_pre_shared_keys

      Why since OpenSSL 1.1.1, documentation indicated max size is limited to 128 characters ?

      Component PSK identity max size PSK value min size PSK value max size
      OpenSSL 1.1.1 127 bytes (may include UTF-8 characters) - 512-bit (64-byte PSK, entered as 128 hexadecimal digits)
       

      In level 2, OpenSSL documentation say : " As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited."

      https://www.openssl.org/docs/man1.1.1/man3/SSL_get_security_callback.html

       

            Assignee:
            Marina Generalova
            Reporter:
            CHAVIGNY
            Team D
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: