On Thursday, 10 May 2018 17:46:40 CEST Viktor Dukhovni wrote: > > On May 10, 2018, at 10:17 AM, Eric Rescorla <e...@rtfm.com> wrote: > >> Do you prepend some new "magic" to the (RFC5077 or similar) session > >> tickets? Or just look for a matching STEK key name and let that be > >> the "magic"? > > > > I would imagine, but NSS, at least, doesn't support external PSKs. > > Good to know. Does any implementation other than OpenSSL support > external PSKs? How do you distinguish between external PSKs and > resumption PSKs?
tlslite-ng does, but it is vulnerable to the enumeration attacks -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls