Discuss this help topic in SecureBlackbox Forum

Use pre-shared key cipher suites

SSL-enabled classes in SecureBlackbox support Pre-shared key (PSK) cipher suites as defined by RFC 4279.

PSK cipher suites differ fundamentally from regular SSL/TLS cipher suites: they rely on a key that both parties share in advance, whereas SSL was originally built on other (certificate-based) principles.

To make use of PSK cipher suites, you need to take the following steps:

  • enable the cipher suites using the CipherSuites property of the SSL-enabled class
  • implement a handler for the OnKeyNeeded event of the SSL-enabled class. In response to this event your application provides the previously negotiated secret key, which will be used to secure the connection.

The shared key is negotiated between the parties beforehand, over a channel other than the SSL/TLS connection being secured or its unsecured counterpart (e.g. plain HTTP must not be used to negotiate the key that will later turn that same HTTP connection into HTTPS). There are no fixed requirements on the key size, because the TLS client and server derive the actual keys from the key that you pass; a longer key does, however, provide more entropy for the derived keys.
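As an added example (not SecureBlackbox code), the following shows what the TLS endpoints do with the key your handler supplies: the plain-PSK pre-master secret construction from RFC 4279, from which the session keys are derived, plus a hypothetical key store standing in for an OnKeyNeeded handler. The class and function names, and the sample identity, are assumptions made for illustration.

```python
import os
import struct
from typing import Dict, Optional

# RFC 4279, section 2: with a plain PSK cipher suite the pre-master secret is
#   uint16 N || N zero octets ("other_secret") || uint16 N || psk
# where N is the PSK length in octets. Client and server each build this value
# from the shared key and derive the session keys from it, which is why there
# is no fixed requirement on the size of the key the application supplies.
MAX_PSK_LEN = 0xFFFF  # opaque psk<0..2^16-1>


def psk_premaster_secret(psk: bytes) -> bytes:
    """Build the plain-PSK pre-master secret of RFC 4279 for the given key."""
    n = len(psk)
    if n == 0 or n > MAX_PSK_LEN:
        raise ValueError("PSK must be 1..65535 octets long")
    length = struct.pack("!H", n)  # big-endian uint16, as in TLS encoding
    return length + (b"\x00" * n) + length + psk


def new_psk(nbytes: int = 32) -> bytes:
    """Generate a fresh key from the OS CSPRNG; 32 octets give 256 bits of entropy."""
    return os.urandom(nbytes)


class PskStore:
    """Hypothetical key store standing in for an OnKeyNeeded handler (constructed).

    Keys are negotiated out of band beforehand and looked up by PSK identity.
    """

    def __init__(self) -> None:
        self._keys: Dict[bytes, bytes] = {}

    def add(self, identity: bytes, key: bytes) -> None:
        self._keys[identity] = key

    def on_key_needed(self, identity: bytes) -> Optional[bytes]:
        # Return the previously negotiated key for the peer's identity, or None
        # so the handshake fails rather than proceeding with a guessed key.
        return self._keys.get(identity)


if __name__ == "__main__":
    store = PskStore()
    store.add(b"client-1", new_psk())  # constructed sample identity
    key = store.on_key_needed(b"client-1")
    assert key is not None
    # both ends compute the same pre-master secret from the same shared key
    assert psk_premaster_secret(key) == psk_premaster_secret(key)
```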

Remember that PSK is a very recent addition to TLS, so many TLS clients and servers do not support it.
