W dniu 16.04.2022 o 00:09, [email protected] pisze:
Is there a way to force PSK Authentication?
Current behavior is that if the client has no PSK Authentication configured, no
authentication is performed and the connection proceeds even when the server
has this configured:
ciphers = PSK
PSKsecrets = mypsk.txt
Is this expected behavior? Is there a way to enforce PSK, in other words block
clients without PSK Authentication?
Hello Gerhard,
Ether the PSK secret or the server certificate is used for authentication.
I suspect that the `cert` option in your server configuration is the
reason the server and a client negotiate the encryption algorithm and
cryptographic keys to use.
In TLSv1.2 you needed to use special PSK ciphersuites. In TLSv1.3 that
is no longer the case. Ciphersuites work quite differently and there is
no concept of having special PSK ciphersuites and option `ciphers = PSK`
is no use. You just use normal ciphersuites.
Regards,
Małgorzata Olszówka
_______________________________________________
stunnel-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
