How to support TLS PSK in C# (Pre-shared key)
TLS PSK (pre-shared key) support in C# and .NET is very hard to come by, and it is not natively supported.
The SslStream class in both .NET Framework and .NET Core does not currently support establishing SSL/TLS connections with the PSK or PSK-DHE cipher suites.
The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used only by a minority of applications. Please consider all alternative solutions before switching to PSK ciphers.
https://nodejs.org/api/tls.html
To actually make this work, you have to look for alternatives such as SSL termination proxies or other programming languages altogether.
Resources to look into:
wolfSSL C# Wrapper
The wolfSSL C# wrapper gives the ability to make use of the TLS/SSL security perfected from IoT and embedded devices in C# development. This allows for integration of a subset of wolfSSL API into a C# project. Supporting use of both DTLS and TLS connections.
https://www.wolfssl.com/products/wolfssl-csharp/
Bouncy Castle
Bouncy Castle plans to develop support for TLS-PSK client and server.
https://github.com/BItGriff/bc-csharp
sslpsk – Python PSK Library
This module adds TLS-PSK support to the Python 2.7 and 3.x ssl package.
https://github.com/drbild/sslpsk
NodeJS Support
TLS-PSK support is available as an alternative to normal certificate-based authentication. It uses a pre-shared key instead of certificates to authenticate a TLS connection, providing mutual authentication. TLS-PSK and public key infrastructure are not mutually exclusive. Clients and servers can accommodate both, choosing either of them during the normal cipher negotiation step.
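The mutual authentication described above, shown with the `pskCallback` option of the Node.js `tls` module over a loopback connection. This is an added example, not code from the original post or from the Node.js project; the identity `device-001`, the random key and the helper name `pskHandshake` are constructed for illustration.

```javascript
const tls = require('node:tls');
const crypto = require('node:crypto');

// Constructed sample credentials: one identity mapped to a random 32-byte key.
const KEYS = new Map([['device-001', crypto.randomBytes(32)]]);
// Node.js disables PSK cipher suites by default; request them explicitly.
const CIPHERS = 'PSK+HIGH';

// Runs one loopback handshake. Resolves to the echoed payload on success, or
// to 'handshake failed' when identity or key does not match the server's table.
function pskHandshake(identity, clientKey) {
  return new Promise((resolve) => {
    const server = tls.createServer({
      ciphers: CIPHERS,
      // Server: look up the key for the identity the client sent; null aborts.
      pskCallback: (socket, id) => KEYS.get(id) ?? null,
    }, (conn) => {
      conn.on('error', () => {});
      conn.pipe(conn); // echo service
    });
    server.on('tlsClientError', () => {}); // the client side reports the failure
    const finish = (result) => server.close(() => resolve(result));
    server.listen(0, '127.0.0.1', () => {
      const client = tls.connect({
        host: '127.0.0.1',
        port: server.address().port,
        ciphers: CIPHERS,
        // A PSK handshake carries no certificate, so skip the hostname check.
        checkServerIdentity: () => undefined,
        // Client: the identity and key to offer.
        pskCallback: () => ({ psk: clientKey, identity }),
      }, () => client.write('ping'));
      client.on('error', () => finish('handshake failed'));
      client.once('data', (d) => { client.end(); finish(d.toString()); });
    });
  });
}
```

Both ends must name the PSK suites in `ciphers`, and a wrong key or an unknown identity ends the handshake before any application data is exchanged.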