We are looking into supporting TLS-PSK for a set of constrained devices that do not have sufficient resources to do the normal TLS handshake using certificates. To that end we are looking for a TLS-PSK component that we can integrate on our (cloud) servers. This component may be anything: a proxy, a module for Apache, or anything else that scales well.
So far we have found several libraries that support TLS-PSK: GnuTLS and OpenSSL, amongst others. Moreover, we can find several HTTPS/TLS client libraries that we can use to send HTTP(S) requests over a TLS-PSK connection. However, what we have not been able to find are server-side solutions that would accept such TLS-PSK connections. The Apache modules mod_ssl and mod_gnutls do not expose the TLS-PSK capabilities of the underlying libraries. F5 Big-IP does not have TLS-PSK in its cipher lists. HAProxy does not have TLS-PSK interfaces either. The node.js TLS library had a pull request that became stale and hard to apply with all the recent TLS lib refactorings...
So in short: does anyone know of a TLS-PSK capable component that we can integrate into our server backends to accept TLS-PSK connections from a large set of clients?
stunnel might be capable of helping here. PSK was added in 5.09.
Installation
/etc/stunnel/stunnel.conf:
[PSK server]
accept = 443
connect = 80
ciphers = PSK
PSKsecrets = /path/to/psk.txt
debug = 7
psk.txt (chmod 600):
client1:oaP4EishaeSaishei6rio6xeeph3az
Run with stunnel, or set up a service.
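As an added example (not part of the original answer or of stunnel itself), a small Python helper that checks PSKsecrets content against the format stunnel expects (IDENTITY:KEY per line, keys at least 16 bytes, hex-looking keys converted to binary as the stunnel manual describes; the exact hex-detection rule used here is an assumption) and mints fresh entries from the OS CSPRNG.

```python
"""Validate stunnel PSKsecrets content and mint new identity:key entries."""
import os
import secrets
import stat

MIN_KEY_BYTES = 16  # stunnel's documented minimum PSK length (32 hex characters)


def key_length_bytes(key: str) -> int:
    """Length stunnel will see for this key.
    Assumption: a key is treated as hex (and halved) when it is even-length
    and consists solely of hex digits; anything else is used as raw bytes."""
    if len(key) % 2 == 0 and all(c in "0123456789abcdefABCDEF" for c in key):
        return len(key) // 2
    return len(key.encode())


def validate_psk_entries(text: str) -> list[str]:
    """Return the problems found in PSKsecrets content (empty list means OK)."""
    problems = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:  # blank lines are skipped here (assumption about stunnel's parser)
            continue
        if ":" not in line:
            problems.append(f"line {lineno}: expected IDENTITY:KEY")
            continue
        identity, key = line.split(":", 1)
        if not identity:
            problems.append(f"line {lineno}: empty identity")
        if identity in seen:
            problems.append(f"line {lineno}: duplicate identity {identity!r}")
        seen.add(identity)
        if key_length_bytes(key) < MIN_KEY_BYTES:
            problems.append(f"line {lineno}: key for {identity!r} is shorter than {MIN_KEY_BYTES} bytes")
    return problems


def new_entry(identity: str, nbytes: int = 32) -> str:
    """Mint a fresh hex-encoded entry using the OS CSPRNG (32 bytes = 64 hex chars)."""
    return f"{identity}:{secrets.token_hex(nbytes)}"


def file_mode_is_private(path: str) -> bool:
    """True if the file has no group/other permission bits (the chmod 600 above)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0
```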