Clarify OpenSSL RSA-PSK situation in compat.sh #1419

Closed
mpg opened this issue Mar 5, 2018 · 4 comments

@mpg
Contributor

mpg commented Mar 5, 2018

Description

  • Type: Enhancement (tests)
  • Priority: Minor

Enhancement

In compat.sh RSA-PSK suites are not tested for interop with OpenSSL (only with GnuTLS) and no comment clearly explains why. If I remember correctly, it was either because I couldn't find the correct invocation of openssl s_server/s_client when I added those suites, or because there was a bug in openssl that prevented us from using this key exchange from the command line.

Either way, this should be reevaluated: if interop testing for these suites with OpenSSL can be added, we should do it, or if it can't we should record why (and if there is an issue in openssl command, report it).

Justification - why does the library need this feature?

We always want more interop testing.

@mpg mpg changed the title Clarify OpenSSL RSA-PSK situation in compat.hs Clarify OpenSSL RSA-PSK situation in compat.sh Mar 5, 2018
@ciarmcom

ciarmcom commented Mar 7, 2018

ARM Internal Ref: IOTSSL-2154

@mpg
Contributor Author

mpg commented Jun 18, 2018

Ok, I think I found what the issue was: RSA-PSK is only supported from OpenSSL 1.1.0 (look for RSA_PSK in the ChangeLog) and currently the CI has 1.0.2 as the default OpenSSL version.

@mpg
Contributor Author

mpg commented Jun 19, 2018

Ok, I also just "remembered" the hard way that even with newer OpenSSL versions that support RSA-PSK, there is a problem with client authentication.

(IIRC the problem is that when configured for certificate-based client authentication, OpenSSL will try to do that even if an RSA-PSK ciphersuite is selected. This needs to be confirmed and possibly reported as a bug against OpenSSL. We could work around this by changing the way we invoke s_server.)

@gilles-peskine-arm
Contributor

With #8170 we are removing support for RSA-PSK in the next release of Mbed TLS (Mbed TLS 4.0), so this issue is now only applicable to long-term support branches (2.28, 3.6).

We have not needed to fix this in years, so this is low importance. As it is now also low relevance, I am closing this issue.

@gilles-peskine-arm gilles-peskine-arm closed this as not planned Sep 20, 2024