Rahul,

On 1/26/21 22:49, Rahul Shukla wrote:

Hi All,

I am using Tomcat server with version 9.0.37 and JSSE is configured for TLS.

*Use Case:* TLS Client, that uses OpenSSL 1.1.1d internally, is trying to connect this Tomcat server using PSK and SRP based ciphers (Ex: _RSA-PSK-AES256-GCM-SHA384). Here we are observing a Fatal error on the client side.

*Question:* Are PSK and SRP based ciphers supported by the Tomcat server configured with JSSE? I found one old article saying that it is not supported by JSSE (http://tomcat.10.x6.nabble.com/How-to-set-up-TLS-PSK-with-Tomcat-td5022729.html). Not sure if it is supported in the latest versions.

If it is supported, how can I configure it. Any reference will be really appreciated.

Any idea, if PSK and SRP based ciphers are only supported for any specific TLS protocol version?
I don't believe PSK is supported until TLSv1.3 in Oracle's JSSE. You may be able to use BouncyCastle, which appears to support it at least for clients.
Tomcat has no configuration for this kind of thing because (a) it's not terribly secure and (b) nobody really wants it and (c) we don't have an example of a JSSE provider which supports it.
If you are able to get a simple SSLSocketFactory configured to connect to a server with a PSK-based cipher suite in use and can provide the code to do that, I'm sure we can find a way to integrate that into Tomcat.
But I don't think anyone around here is going to scratch that particular itch because it doesn't seem worth it.
-chris
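As an added example that is not part of the original thread: one way to check the question raised above on a given JVM is to ask every installed JSSE provider which PSK or SRP cipher suites it reports as supported. The class name `PskSrpSuiteCheck` is hypothetical, and matching on `_PSK_` / `_SRP_` in the suite name is an assumption based on the IANA naming of these suites (the OpenSSL name `RSA-PSK-AES256-GCM-SHA384` corresponds to `TLS_RSA_PSK_WITH_AES_256_GCM_SHA384`).

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class name): lists PSK/SRP cipher suites that
// the installed JSSE providers report as supported on this JVM.
public class PskSrpSuiteCheck {

    // Assumption: PSK and SRP suites are recognised by their IANA-style names,
    // e.g. TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 or TLS_SRP_SHA_RSA_WITH_...
    static List<String> pskOrSrpSuites(String[] suites) {
        List<String> hits = new ArrayList<>();
        for (String suite : suites) {
            String s = suite.toUpperCase(Locale.ROOT);
            if (s.contains("_PSK_") || s.contains("_SRP_")) {
                hits.add(suite);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            for (Provider.Service svc : p.getServices()) {
                if (!"SSLContext".equals(svc.getType())) {
                    continue; // only TLS context implementations are of interest
                }
                String label = p.getName() + "/" + svc.getAlgorithm();
                try {
                    SSLContext ctx = SSLContext.getInstance(svc.getAlgorithm(), p);
                    // The "Default" context is pre-initialised; others need init().
                    if (!"Default".equals(svc.getAlgorithm())) {
                        ctx.init(null, null, null);
                    }
                    String[] all = ctx.getSupportedSSLParameters().getCipherSuites();
                    List<String> hits = pskOrSrpSuites(all);
                    System.out.println(label + ": " + all.length
                            + " suites supported, PSK/SRP: " + hits);
                } catch (Exception e) {
                    // Some providers cannot be initialised without extra setup.
                    System.out.println(label + ": skipped (" + e + ")");
                }
            }
        }
    }
}
```

Run it with the same JVM and `java.security` provider configuration that Tomcat uses; an empty PSK/SRP list for every provider means no such suite can be negotiated through JSSE on that installation.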