bcgit
PSK support in TLSv1.3
PSK seems to still not supported in TLSv1.3. Do you have plan to support this, and what is the roadmap?
Are you interested in "session resumption" PSKs or external PSKs? Client or server or both?
I am actually working on external PSK support in the lightweight TLS API at the moment, and it might be available in the next release. I don't really know how that would look for BCJSSE so it's not currently on the roadmap.
Hopefully this work will lead us naturally into "session resumption" PSK support, including in BCJSSE, but there's no roadmap for that yet due to many competing priorities.
Currently, I am evaluating the addition of EST support to my opensource project XiPKI. For EST, I need the external PSK support in CA (TLS server side), and also the test client (TLS client). I prefer to TLSv1.3 since it needs less rounds than TLS1.2.
It is nice if this feature is available in the next release (do you mean 1.69?).
This will not make this release (1.69) unfortunately. I will be implementing external PSK support around mid-June and we will put out a beta version once it is done.
We tried TLS PSKv1.3 from 1.69 , Seems some issue still there ? Any update ?
As mentioned above, this was not included in 1.69. It is currently in-progress.
Hi @peterdettman
Any timeline or plan for TLS PSKv1.3 ? Any update ?
TLS 1.3 PSK client-side support is already implemented since several weeks ago, and server-side support is in-progress.
Yes, in 1.70. Server-side has only been done far enough to support testing, and in particular only supports PskKeyExchangeMode.psk_dhe_ke. There's probably another month before 1.70 will be released so it might be worthwhile trying it out with a beta version so that any bugs can be fixed before that.
