GitLab

Found in IUTSimulator on android, not teststed on ubuntu.
When a Lite client opens a secure connection to a server, while both in RFNOP, and the client has a PSK to the server's UUID and an identity certificate, then the Lite client does not include the PSK cipher suite in the Client Hello. Instead, it includes only ECDHE cipher suites:
 

4.540s 11:19:07 DEBUG: DTLS PSK Server: Received Client Hello, sequence=0, length=88
4.540s 11:19:07 DEBUG: DTLS PSK Server: Client offered cipher suites: C0AE, C0AC, C0AF, C0AD, 
, C023, 00FF
4.540s 11:19:07 DEBUG: DTLS PSK Server: Found no matching cipher suite
4.540s 11:19:07 DEBUG: DTLS PSK Server: Alert handshake_failure(40) was raised
4.540s 11:19:07 DEBUG: DTLS PSK Server: Handshake ended with failure

This makes it impossible to pass the whole test run for clients in the CTT. In all Resource Model test cases for clients the CTT onboards both the IUT and the simulator and ensures that both have a PSK credential for secure communication in RFNOP. If those test cases are executed alone, the problem does not appear. However, it the IUT has an idenity certificate installed, e.g. after running some of Security test cases or CT2.1.6, then the IUT won't be able to talk to the simulator because it ignores the fact it has the PSK credential for the simulator and offers only ECDHE cipher suites in Client Hello. The simulator rejects the handhake attampt since it does not own an identity certificate (it doesn't have to).

---

JIRA migration meta data

• JIRA Issue ID: LITE-102
• Reporter: krzysztof.j.wlodarczyk
• Assignee: krzysztof.j.wlodarczyk
• Creator: krzysztof.j.wlodarczyk
• Created at: 2019-11-19T03:57:01.000-0800
• Found in Version: master
• Fix in Version: None
• Issue Severity: Major
• Reproducibility: Always (100%)
• Operating System: Android
• Hardware/ OEM Platform: None
• External URL: None
• Bugzilla ID: None
• Product: None
• Status: Done
• Components: security
• Priority: Undecided
• Due Date: None
• Issue Type: Bug
  END of JIRA migration meta data

---