On Thu, 2018-05-10 at 11:46 -0400, Viktor Dukhovni wrote:
> > On May 10, 2018, at 10:17 AM, Eric Rescorla <e...@rtfm.com> wrote:
> >
> > > Do you prepend some new "magic" to the (RFC5077 or similar) session
> > > tickets? Or just look for a matching STEK key name and let that be
> > > the "magic"?
> >
> > I would imagine, but NSS, at least, doesn't support external PSKs.
>
> Good to know. Does any implementation other than OpenSSL support
> external PSKs? How do you distinguish between external PSKs and
> resumption PSKs?

gnutls does. For external PSKs it checks for ticket age being zero and
the username/identity within acceptable bounds.

regards,
Nikos

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
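
The check described in the reply above, sketched as an added example that is not part of the thread and is not GnuTLS code: it parses the `identities` vector of a TLS 1.3 `pre_shared_key` extension (RFC 8446, section 4.2.11) and sorts each entry by ticket age and identity length. The 128-byte bound, the function names and the sample bytes are assumptions made for illustration.

```python
import struct

# Assumed upper bound for an external PSK identity (username); not from the thread.
MAX_EXTERNAL_IDENTITY_LEN = 128

def parse_identities(buf: bytes):
    """Parse PskIdentity identities<7..2^16-1> into (identity, obfuscated_age) pairs."""
    if len(buf) < 2:
        raise ValueError("truncated identities vector")
    (total,) = struct.unpack_from("!H", buf, 0)
    end = 2 + total
    if end > len(buf):
        raise ValueError("identities length exceeds buffer")
    out, pos = [], 2
    while pos < end:
        if pos + 2 > end:
            raise ValueError("truncated identity length")
        (ilen,) = struct.unpack_from("!H", buf, pos)
        pos += 2
        # identity is opaque<1..2^16-1>, followed by a uint32 obfuscated_ticket_age
        if ilen == 0 or pos + ilen + 4 > end:
            raise ValueError("bad identity length")
        identity = buf[pos:pos + ilen]
        (age,) = struct.unpack_from("!I", buf, pos + ilen)
        pos += ilen + 4
        out.append((identity, age))
    return out

def classify(identity: bytes, obfuscated_age: int) -> str:
    """Ticket age zero plus an identity within bounds is treated as an external PSK."""
    if obfuscated_age == 0 and len(identity) <= MAX_EXTERNAL_IDENTITY_LEN:
        return "external"
    # Anything else is handed to session-ticket decryption. A ticket's obfuscated
    # age can also be 0 by chance, so a failed external lookup should fall through.
    return "resumption"

def encode_identity(identity: bytes, age: int) -> bytes:
    return struct.pack("!H", len(identity)) + identity + struct.pack("!I", age)

def classify_all(buf: bytes):
    return [classify(i, a) for i, a in parse_identities(buf)]

# Constructed sample: one short username with age 0, one 192-byte ticket-like blob.
_items = encode_identity(b"client-42", 0) + encode_identity(bytes(range(192)), 0x5A17C3E9)
SAMPLE = struct.pack("!H", len(_items)) + _items

if __name__ == "__main__":
    print(classify_all(SAMPLE))
```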