TLS with out-of-band Pre-shared keys (PSKs) in Golang

Question

I'm looking for a way to establish TLS sessions using out-of-bound PSK in Go. I control both the server and client.

Reading Golang TLS implementation, it seems like the library only supports PSK in session resumption where PSKs are obtained from previous sessions. In my scenario, though, PSK are established between the server and the client out-of-band, which AFAIK is "permitted" according to RFC 8446 ("TLS PSKs can be established out of band.") Does anyone know if Go supports that already or if there are other TLS libraries that do?

Marc · Answer 1 · 2020-09-11T06:52:11.890

1

TLS-PSK (or the RSA/DHE variants) is not currently (Go 1.15) supported in the standard library.

There is an issue that has been open since 2013 but no movement on it. Multiple comments in that issue advertise forks of crypto/tls with purported support for external pre-shared keys; use at your own risk.

edited Sep 11 '20 at 06:52

answered Sep 11 '20 at 05:14

Marc

19,394
6
47
51

TLS with out-of-band Pre-shared keys (PSKs) in Golang

1 Answers1