Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Pre shared keys (TLS-PSK) NGINX configuration

Tags:

nginx

ssl

I have a very constrained device running on battery power that doesn't have the horsepower to do key exchange, so instead, we'd like to use PSK (pre-shared keys) to secure the channel. I can't seem to find any information on how to configure this with NGINX.

I see that ssl_ciphers has PSK (which I've enabled) but where/how do I specify the shared keys between NGINX and the client? Is this supported?

like image 897
outside2344 Avatar asked Mar 19 '14 17:03

outside2344


2 Answers

As of now, nginx does not support PSK ciphers. There is an attempt to add support though, some preliminary patches can be found here:

http://mailman.nginx.org/pipermail/nginx-devel/2017-September/010460.html

If you are interested in adding PSK support, please consider testing the patches and providing some feedback on them.

like image 161
Maxim Dounin Avatar answered Nov 09 '22 12:11

Maxim Dounin


You might use a stunnel for this. It supports TLS-PSK and is easy to set up!

like image 38
David Asher Avatar answered Nov 09 '22 12:11

David Asher