--- a/runtime/Stunnel.py Mon Oct 29 11:33:36 2018 +0100
+++ b/runtime/Stunnel.py Tue Oct 30 09:45:47 2018 +0100
@@ -11,11 +11,11 @@
_PSKpath = None
def PSKgen(ID, PSKpath):
- secret = os.urandom(256) # 2048 bits is still safe nowadays
- # following makes 512 length string, rejected by stunnel
- # using binascii hexlify loses 50% entropy
- # secretstring = hexlify(secret)
+ # 236 bytes is empirical maximum when using :
+ # - stunnel 5.36 on server with openssl 1.0.2k
+ # - python-sslpsk 1.0.0 on client with openssl 1.0.2k
+ secret = os.urandom(236)
secretstring = secret.translate(translator)
PSKstring = ID+":"+secretstring
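Review bot: The new comment above `secret = os.urandom(236)` records where the limit was measured but not what it limits. After `secret.translate(translator)` the key is a 236-character string whose entropy depends on how many distinct characters `translator` (defined outside this hunk) can emit, and on whether it maps the 256 byte values onto them evenly. I would say so in the comment, e.g. `# 236 = longest key string stunnel accepted; entropy per char depends on translator`, and lift the number into a named constant such as `PSK_MAX_LEN = 236` so the version-specific limit is easy to find when stunnel or OpenSSL is upgraded. The context line `PSKstring = ID+":"+secretstring` also relies on neither `ID` nor the translated secret containing `:` or a newline, which deserves a one-line comment, or a check if `ID` can come from outside. PSKgen's body continues past the end of the hunk.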