Is TLS 1.3 External PSK Supported? #5160
-
|
Is TLS 1.3 External PSK supported by MSQuic (specifically psk_dhe_ke)? Thanks |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
After digging a bit more on this discussion list, I found a related discussion here: #4008 but there was no conclusive answer. I'm not familiar enough with how an application interacts with the MsQuic's TLS implementation to configure TLS. Can an application directly configure the TLS (to use an external PSK ) via openssl/quictls APIs or does the application have to call through the MsQuic API? I could not find any obvious way to configure a PSK via the MsQuic API. Any help would be greatly appreciated. Thanks |
Beta Was this translation helpful? Give feedback.
-
|
MsQuic provides several credential options and acts as a pass-through for configuring the TLS layer, but the application built on top of MsQuic cannot directly configure the TLS layer. Unfortunately, MsQuic does not support PSK mode for either OpenSSL/QuicTLS or Schannel (Schannel doesn't support PSK mode at all, to my knowledge). If this is a necessary feature, feel free to open an issue to track it. We are also open to external contributions, if you are motivated to add support to MsQuic for PSK. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the speedy reply. I will open an issue. I will be happy to help add PSK support to MsQuic if my employer agrees. Thanks again. |
Beta Was this translation helpful? Give feedback.
MsQuic provides several credential options and acts as a pass-through for configuring the TLS layer, but the application built on top of MsQuic cannot directly configure the TLS layer. Unfortunately, MsQuic does not support PSK mode for either OpenSSL/QuicTLS or Schannel (Schannel doesn't support PSK mode at all, to my knowledge). If this is a necessary feature, feel free to open an issue to track it. We are also open to external contributions, if you are motivated to add support to MsQuic for PSK.