I want to find a code snippet for a Poco SSL connection with PSK (Pre-Shared Key ciphersuites). However, the examples I found always use a certificate (private/public key). Is it possible to support PSK SSL/TLS? If yes, how can I do this? Or is there any hint?
Thanks in advance.
I've added a CERT code snippet for reference. I can do it with CERT (and privkey); however, I don't know how to do this for PSK. Here is my code snippet for CERT.
=======================code for CERT=================================
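    // Headers needed (all under Poco/Net/): NetSSL.h, Context.h, SSLManager.h,
    // AcceptCertificateHandler.h, SecureStreamSocket.h, SocketAddress.h; plus <iostream>.
    // Assumes using-directives for Poco, Poco::Net and std.
    try
    {
        initializeSSL();
        SharedPtr<InvalidCertificateHandler> ptrHandler = new AcceptCertificateHandler(false);
        // Client context: private key, certificate, no CA location, relaxed verification
        Context::Ptr ptrContext = new Context(Context::CLIENT_USE, "certs/client01.key", "certs/client01.crt", "", Context::VERIFY_RELAXED, 9, true, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
        SSLManager::instance().initializeClient(0, ptrHandler, ptrContext);
        SocketAddress sa(host, port);
        SecureStreamSocket socket(sa); // this constructor already connects to sa
        std::string data("hello, world");
        socket.sendBytes(data.data(), (int)data.size());
        cout << "Message successfully sent" << endl;
        uninitializeSSL();
    }
    catch (Poco::Exception& exc)
    {
        cerr << exc.displayText() << endl;
    }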
I can't find any API through which I can set or pass the psk_server_cb/psk_client_cb function pointer.
Is it possible to support PSK SSL/TLS? If yes, how can I do this? Or is there any hint?
Yes, it's possible to do with SSL/TLS.
This is how to use pre-shared keys in OpenSSL. You would use this technique in, say, a TLS client:
    const char* const PREFERRED_CIPHERS = "PSK";
    int res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
    if(res != 1) handleFailure();
The cipher list created from the string is:
    $ openssl ciphers 'PSK'
    PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA:PSK-RC4-SHA:PSK-3DES-EDE-CBC-SHA
You can kill off the weak/wounded ciphers with:
    const char* const PREFERRED_CIPHERS = "PSK:!3DES:!RC4";
    int res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
    if(res != 1) handleFailure();
Which results in:
    $ openssl ciphers 'PSK:!3DES:!RC4'
    PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA
I don't know how to do the same in Poco. I seem to recall there's one source file in Poco that handles all SSL/TLS. You should be able to apply the change above to the Poco sources without much effort.
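For the `psk_client_cb` the question asks about, here is a client callback with the signature OpenSSL's `SSL_CTX_set_psk_client_callback()` expects. This is an added example, not code from the question, the answer, or Poco; the identity, the key and the helper `decode_hex_key` are constructed for illustration, and the registration lines in the closing comment assume an `SSL_CTX*` named `ctx`.

```cpp
#include <cstddef>
#include <cstring>

struct ssl_st;              // opaque here; same struct tag OpenSSL uses for SSL
typedef struct ssl_st SSL;

// Constructed sample values. A real key comes from protected storage, not source code.
static const char* const kPskIdentity = "client01";
static const char* const kPskHex = "00112233445566778899aabbccddeeff"; // 16 bytes

// Value of one hex digit, or -1 if the character is not a hex digit.
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Decode a hex string into out (capacity cap bytes).
// Returns the number of bytes written, or 0 on malformed input or overflow.
unsigned int decode_hex_key(const char* hex, unsigned char* out, unsigned int cap) {
    std::size_t n = std::strlen(hex);
    if (n == 0 || n % 2 != 0 || n / 2 > cap) return 0;
    for (std::size_t i = 0; i < n; i += 2) {
        int hi = hexval(hex[i]), lo = hexval(hex[i + 1]);
        if (hi < 0 || lo < 0) return 0;
        out[i / 2] = static_cast<unsigned char>((hi << 4) | lo);
    }
    return static_cast<unsigned int>(n / 2);
}

// OpenSSL calls this during the handshake. It must store a NUL-terminated
// identity and the raw key, then return the key length; 0 aborts the handshake.
unsigned int psk_client_cb(SSL* /*ssl*/, const char* /*hint*/,
                           char* identity, unsigned int max_identity_len,
                           unsigned char* psk, unsigned int max_psk_len) {
    std::size_t id_len = std::strlen(kPskIdentity);
    if (id_len + 1 > max_identity_len) return 0;      // identity would not fit
    std::memcpy(identity, kPskIdentity, id_len + 1);  // copies the terminator too
    return decode_hex_key(kPskHex, psk, max_psk_len); // 0 if the key does not fit
}

// Registration, with <openssl/ssl.h> included and an SSL_CTX* ctx (assumed name):
//   SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
//   SSL_CTX_set_cipher_list(ctx, "PSK:!3DES:!RC4");
// In Poco, Context::sslContext() returns the underlying SSL_CTX*.
```

The server side needs the matching `SSL_CTX_set_psk_server_callback()` with the same identity and key, otherwise the handshake fails.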