Good to hear it's working. As far as changing the defaults, we'll consider including RSA_PSK, although we might prefer to stick with only forward-secret cipher suites. The AES256 variants we can probably add.
Pete. On 19/02/2017 4:23 AM, Eduard Bloch wrote: > Hallo Everyone, > * Eduard Bloch [Sat, Feb 18 2017, 09:11:06PM]: > >>> Preferably find out exactly what cipher suites the server supports, or >>> if you have to guess, try including TLS_PSK_WITH_AES_128_CBC_SHA and >>> TLS_RSA_PSK_WITH_AES_128_CBC_SHA in the list. >> >> I have overriden that method and kept only >> CipherSuite.TLS_DHE_PSK_WITH_AES_128_CBC_SHA, >> CipherSuite.TLS_RSA_PSK_WITH_AES_128_CBC_SHA >> in the list. On the server side, I removed "PSK" alias and have set >> PSK-AES128-CBC-SHA explicitly. > > I hate it to answer to myself but it has to be. :-( > > Paying attention is the key. Adding TLS_RSA_PSK_WITH_AES_128_CBC_SHA did > solve the problem. It would be nice if you add it in the default > implementation, along with the AES256 version. > > Thank you! > > Best regards, > Eduard. >
