PreShared Key support in Bouncy Castle JSSE Provider #1604
Comments
|
@sbernard31 Likely this is an issue for OpenJDK; per https://bugs.openjdk.org/browse/JDK-8049402, it doesn't look like it supports point 4 ("Out-of-band PSK establishment") in the interfaces. Without interfaces from the JDK itself, it is (likely) impossible to implement this through the JSSE API... Unless perhaps we hack a fake, non-X509 (for PSK only) I'd suggest perhaps commenting on that issue if directly using the underlying BC TLS implementation isn't feasible. Note that this is achieved by that project by creating a custom SSLSocket/... interface that wraps our direct TLS implementation. It doesn't really support general interfaces for PSK. My 2c |
|
@cipherboy Thx for your answer 🙏 I get your point. I understand that missing API for PSK in JSSE API is an issue. But I also see there is project which deal with current API implementing I know this is not ideal because we should have a common interface like |
I understand that Bouncy Castle have support of PSK over (D)TLS.
But If I get it correctly this in not included in
BouncyCastleJsseProviderProvider ?Is there a way to get PSK available through JSSE API ?
If no, Is there plan about that ?
I see there is some side project which tries to achieve that but I don't really like the idea to rely on this kind of small project. (and they only support
SSLSocketFactorynotSSLEngine)(Sorry If asked many question about what is supported in Bouncy Castle because I'm currently try to understand if I should try to use it in Leshan an open source java implementation of LWM2M)
The text was updated successfully, but these errors were encountered: