How to support TLS PSK in C# (Pre-shared key)

TLS-PSK (pre-shared key) support in C# and .NET is very hard to come by, and it is not natively supported.

The SslStream class in both .NET Framework and .NET Core does not currently support establishing SSL/TLS connections with the PSK or PSK-DHE cipher suites.

The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used only by a minority of applications. Please consider all alternative solutions before switching to PSK ciphers.

To actually make this work you have to look for alternatives such as SSL termination proxies, or other programming languages altogether.

Resources to look into:

wolfSSL C# Wrapper

The wolfSSL C# wrapper gives the ability to make use of the TLS/SSL security perfected for IoT and embedded devices in C# development. It allows a subset of the wolfSSL API to be integrated into a C# project, supporting both DTLS and TLS connections.

Bouncy Castle

Bouncy Castle plans to develop support for TLS-PSK client and server.

sslpsk – Python PSK Library

This module adds TLS-PSK support to the Python 2.7 and 3.x ssl package.

NodeJS Support

TLS-PSK support is available as an alternative to normal certificate-based authentication. It uses a pre-shared key instead of certificates to authenticate a TLS connection, providing mutual authentication. TLS-PSK and public key infrastructure are not mutually exclusive. Clients and servers can accommodate both, choosing either of them during the normal cipher negotiation step.

