Description of problem: TLS 1.3 was introduced with OpenSSL 1.1.1 and is used by default if the application Version-Release number of selected component (if applicable): openssl-1.1.1-3.fc29.x86_64 How reproducible: Always Steps to Reproduce: 1. Start server with a key longer than 512 bits (here: 130 nibbles => 65 bytes => 520 bits) openssl s_server -accept 4433 -nocert -psk $(printf '%.sa' {1..130}) 2. Try to connect openssl s_client -connect :4433 -psk $(printf '%.sa' {1..130}) 3. Actual results: Server side: Using default temp DH parameters ACCEPT ERROR 140164733306688:error:140940F4:SSL routines:ssl3_read_bytes:unexpected message:ssl/record/rec_layer_s3.c:1461: shutting down SSL CONNECTION CLOSED Client side: CONNECTED(00000004) 139953634740032:error:142120DB:SSL routines:tls_construct_ctos_early_data:bad psk:ssl/statem/extensions_clnt.c:752: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 7 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- Expected results: A successfull connection. Additional info: The connection can be successfully established by simply reducing the PSK size to 128 hex chars (i.e. 512 bits). It also works by disabling TLS 1.3 (-no_tls1_3 or -tls1_2) on the client side. It also works with OpenSSL 1.1.1a (tried on an Arch Linux machine, sorry), so it's probably already fixed upstream, I could not find a matching issue there, though.