How to support TLS PSK in C# (Pre-shared key)

TLS-PSK (pre-shared key) support in C# and .NET is very hard to come by and is not natively supported.

The SslStream class in both .NET Framework and .NET Core does not currently support establishing SSL/TLS connections with the PSK or PSK-DHE cipher suites.

The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used only by a minority of applications. Please consider all alternative solutions before switching to PSK ciphers. 

https://nodejs.org/api/tls.html

To actually make this work, you have to look for alternatives such as SSL termination proxies, or other programming languages altogether.

Resources to look into:

wolfSSL C# Wrapper

The wolfSSL C# wrapper gives the ability to make use of the TLS/SSL security perfected from IoT and embedded devices in C# development. This allows for integration of a subset of the wolfSSL API into a C# project, supporting use of both DTLS and TLS connections.

https://www.wolfssl.com/products/wolfssl-csharp/

Bouncy Castle

Bouncy Castle plans to develop support for TLS-PSK client and server.

https://github.com/BItGriff/bc-csharp

sslpsk – Python PSK Library

This module adds TLS-PSK support to the Python 2.7 and 3.x ssl package.

https://github.com/drbild/sslpsk

NodeJS Support

TLS-PSK support is available as an alternative to normal certificate-based authentication. It uses a pre-shared key instead of certificates to authenticate a TLS connection, providing mutual authentication. TLS-PSK and public key infrastructure are not mutually exclusive. Clients and servers can accommodate both, choosing either of them during the normal cipher negotiation step.

https://nodejs.org/api/tls.html
