I understand that Bouncy Castle has support for PSK over (D)TLS.
But if I get it correctly, this is not included in the `BouncyCastleJsseProvider` provider?
Is there a way to get PSK available through the JSSE API?
If not, is there a plan for that?
I see there is a side project which tries to achieve that, but I don't really like the idea of relying on this kind of small project (and they only support `SSLSocketFactory`, not `SSLEngine`).
(Sorry if I ask many questions about what is supported in Bouncy Castle, because I'm currently trying to understand if I should try to use it in Leshan, an open source Java implementation of LWM2M.)
@sbernard31 Likely this is an issue for OpenJDK; per https://bugs.openjdk.org/browse/JDK-8049402, it doesn't look like it supports point 4 ("Out-of-band PSK establishment") in the interfaces. Without interfaces from the JDK itself, it is (likely) impossible to implement this through the JSSE API... Unless perhaps we hack a fake, non-X509 (for PSK only) X509Certificate KeyManager class that we can detect in our underlying implementation. This is rather ugly and unlikely to be accepted, plus would make interoperability with any later JDK-provided PSK-in-JSSE harder, if they provide something different than our KeyManager in typing.
I'd suggest perhaps commenting on that issue if directly using the underlying BC TLS implementation isn't feasible.
Note that this is achieved by that project by creating a custom SSLSocket/... interface that wraps our direct TLS implementation. It doesn't really support general interfaces for PSK. My 2c
But I also see there is a project which deals with the current API by implementing KeyManager.
See: PSKKeyManager from the Conscrypt project.
I know this is not ideal because we should have a common interface like X509KeyManager in OpenJDK, but do you think this could be a way? I mean, Bouncy Castle could create its own PSKKeyManager for JSSE.
Then eventually we can try to push it into OpenJDK?