
Can Poco SSLManager and SecureStreamSocket support SSL/TLS PSK (Pre-Shared Key Ciphersuites)?

I want to find a code snippet for a Poco SSL connection with PSK (Pre-Shared Key Ciphersuites). However, the examples I found always used a certificate (private/public key). Is it possible to support PSK SSL/TLS? If yes, how can I do this? Or is there any hint?

Thanks in advance.

Added a CERT code snippet for reference. I can do it with CERT (and privkey), however I don't know how to do this for PSK. Here is my code snippet for CERT.

=======================code for CERT=================================

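try
{
    initializeSSL();
    // AcceptCertificateHandler accepts server certificates that fail verification.
    SharedPtr<InvalidCertificateHandler> ptrHandler = new AcceptCertificateHandler(false);
    // Client context: private key, certificate, no CA location, relaxed verification.
    Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "certs/client01.key", "certs/client01.crt", "", Context::VERIFY_RELAXED, 9, true, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
    SSLManager::instance().initializeClient(0, ptrHandler, ptrContext);

    SocketAddress sa(host, port);
    // The SecureStreamSocket(sa) constructor already connects to sa,
    // so no separate connect() call is needed.
    SecureStreamSocket socket(sa);

    std::string data("hello, world");
    socket.sendBytes(data.data(), (int)data.size());

    cout << "Message successfully sent" << endl;

    uninitializeSSL();
}
catch (Poco::Exception& e)
{
    // A try block needs a handler; report connection and handshake errors.
    cerr << "SSL client error: " << e.displayText() << endl;
}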

I can't find any API through which I can set or pass a psk_server_cb/psk_client_cb function pointer.

Is it possible to support PSK SSL/TLS? if yes, how can I do this? or is there any hint?

Yes, it's possible to do with SSL/TLS.

This is how to use Preshared Keys in OpenSSL. You would use this technique in, say, a TLS Client:

const char* const PREFERRED_CIPHERS = "PSK";
res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
if(res != 1) handleFailure();

The cipher list created from the string is:

$ openssl ciphers 'PSK'
PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA:PSK-RC4-SHA:PSK-3DES-EDE-CBC-SHA

You can kill-off the weak/wounded ciphers with:

const char* const PREFERRED_CIPHERS = "PSK:!3DES:!RC4";
res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
if(res != 1) handleFailure();

Which results in:

$ openssl ciphers 'PSK:!3DES:!RC4'
PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA

I don't know how to do the same in Poco. I seem to recall there's one source file in Poco that handles all SSL/TLS. You should be able to apply the change above to the Poco sources without much effort.
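The psk_client_cb the question asks about, as an added example that is not part of the original answer or of Poco: a bounds-checked OpenSSL PSK client callback, plus a helper that registers it on the raw SSL_CTX that Poco exposes through Context::sslContext(). The names kIdentity, kPskHex, hexVal, hexDecode, pskClientCb, enablePsk and the WITH_POCO build macro are assumptions made for this example, and the identity and key are constructed sample values.

```cpp
#include <cstring>
#include <string>
#include <vector>
#ifdef WITH_POCO                  // assumed macro: build with -DWITH_POCO, link PocoNetSSL and OpenSSL
#include <Poco/Net/Context.h>
#include <openssl/ssl.h>
#else
typedef struct ssl_st SSL;        // opaque stand-in so the callback compiles without OpenSSL
#endif

// Constructed sample credentials; real ones belong in protected storage, not in source.
static const std::string kIdentity = "client01";
static const std::string kPskHex = "000102030405060708090a0b0c0d0e0f";

// Value of one hex digit, or -1 if the character is not a hex digit.
static int hexVal(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

// Decode a hex string into bytes; false on odd length or a non-hex character.
bool hexDecode(const std::string& hex, std::vector<unsigned char>& out) {
    out.clear();
    if (hex.size() % 2) return false;
    for (std::size_t i = 0; i < hex.size(); i += 2) {
        int hi = hexVal(hex[i]), lo = hexVal(hex[i + 1]);
        if (hi < 0 || lo < 0) return false;
        out.push_back(static_cast<unsigned char>(hi * 16 + lo));
    }
    return true;
}

// OpenSSL psk_client_cb: write the NUL-terminated identity and the key bytes,
// return the key length. Returning 0 makes OpenSSL abort the handshake.
unsigned int pskClientCb(SSL*, const char* /*hint*/, char* identity, unsigned int maxIdLen,
                         unsigned char* psk, unsigned int maxPskLen) {
    std::vector<unsigned char> key;
    if (!hexDecode(kPskHex, key) || key.empty()) return 0;
    // Conservative bound: identity plus its NUL must fit, and the key must fit.
    if (kIdentity.size() + 1 > maxIdLen || key.size() > maxPskLen) return 0;
    std::memcpy(identity, kIdentity.c_str(), kIdentity.size() + 1);
    std::memcpy(psk, key.data(), key.size());
    return static_cast<unsigned int>(key.size());
}
#ifdef WITH_POCO
// Register the callback and restrict ciphers to the answer's PSK list.
bool enablePsk(Poco::Net::Context::Ptr ctx) {
    SSL_CTX_set_psk_client_callback(ctx->sslContext(), pskClientCb);
    return SSL_CTX_set_cipher_list(ctx->sslContext(), "PSK:!3DES:!RC4") == 1;
}
#endif
```

With WITH_POCO defined, enablePsk(ptrContext) would be called before the context is handed to SSLManager or a SecureStreamSocket; the server side needs the matching SSL_CTX_set_psk_server_callback.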
