Does it matter whether secured communication using symmetric/ pre-shared keys is happening over normal Socket or SSLSocket? How?

Question

If I am using any of the TLS_PSK_* cipher suites, then all I need to use some pre-shared key among client and server for encrypting and decrypting the message.

Would it matter whether I am sending the encrypted message over normal Socket or SSLSocket? How?

"All I need to use some pre-shared key" and that's all the attacker needs too. One key and evey communication you have ever sent or will ever send via that channel is compromised. Don't try to invent your own cryptography. TLS generates a new session key every few *minutes,* and does *lots* of other things you haven't thought about. — user207421, Dec 10 '14 at 22:36
I would be using SSLSocket only. But I want to know what is those "lots of things" it does even without any cipher suite configured. — Manojkumar Khotele, Dec 11 '14 at 05:43

score 1 · Answer 1 · answered Dec 10 '14 at 22:27

1

Although it is not impossible to create a secure connection yourself (which I presume you are hinting at) there are so many pitfalls that the answer is usually "yes". Use TLS if it is available, the newer the protocol & ciphersuite the better...

answered Dec 10 '14 at 22:27

Maarten Bodewes

90,524
13
150
263

Actually I know it matters. But want to know in details how does it matter. Is SSLSocket without any cipher suite better than normal socket? How? – Manojkumar Khotele Dec 11 '14 at 09:11

Does it matter whether secured communication using symmetric/ pre-shared keys is happening over normal Socket or SSLSocket? How?

1 Answers1