On Mon, Dec 24, 2018 at 04:29:49PM +0000, Matt Caswell wrote:
> How about using PSKs? That way you completely avoid the need for a
> certificate.
> Authentication is implied since both peers must have access to the PSK for the
> connection to succeed. ECDHE can be combined with the PSK to create a
> temporary
> key for the connection, thus giving you forward secrecy, e.g. using a
> ciphersuite such as ECDHE-PSK-AES128-CBC-SHA256.
This requires more complex application code on the client and server,
so I would not recommend it. And IIRC there may be some complications
with getting PSKs to work across both TLS 1.2 and TLS 1.3???
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
