doc: move all TLS-PSK documentation to its section #35717
+29
−34
I've also reworded some things and removed the phrase "identity must use UTF-8 encoding" since it doesn't seem to make sense, |
| @@ -146,6 +146,8 @@ specifying a cipher suite with the `ciphers` option. The list of available | |||
| ciphers can be retrieved via `openssl ciphers -v 'PSK'`. All TLS 1.3 | |||
| ciphers are eligible for PSK but currently only those that use SHA256 digest are | |||
| supported they can be retrieved via `openssl ciphers -v -s -tls1_3 -psk`. | |||
| On the client connection, a custom `checkServerIdentity` should be passed | |||
| since the default one will fail in the absence of a certificate. | |||
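Review bot: The sentence on `checkServerIdentity` tells the reader to pass a custom function but does not say what that function is expected to check. Since the stated reason is that the default check fails without a certificate, the text should say what authenticates the server in that case (possession of the shared key), so readers do not conclude that identity checking is simply being switched off. Separately, the context line above reads "are supported they can be retrieved via"; a period or semicolon is missing after "supported".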
Trott
Oct 20, 2020
Member
Suggested change
since the default one will fail in the absence of a certificate.
because the default one will fail in the absence of a certificate.
| @@ -154,6 +156,30 @@ maximum identity size is 128 bytes, and maximum PSK length is 256 bytes. | |||
| The current implementation doesn't support asynchronous PSK callbacks due to the | |||
| limitations of the underlying OpenSSL API. | |||
|
|
|||
| To use TLS-PSK, client and server should specify the `pskCallback` option, | |||
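Review bot: The new paragraph introducing `pskCallback` follows the statement that asynchronous PSK callbacks are not supported, but does not carry that constraint over to the option itself. Suggest stating next to the `pskCallback` description that the callback has to return the key synchronously, because that determines how an application can implement its key lookup.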
Trott
Oct 20, 2020
Member
"should" or "must"?
|
Great idea |
| * Returns: {Buffer|TypedArray|DataView} the PSK (or `null`). | ||
|
|
||
| A return value of `null` stops the negotiation process and sends an | ||
| "unknown_psk_identity" alert message to the other party. |
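Review bot: The `Returns:` line lists `null` as a possible value without saying when the callback should return it; the meaning only appears in the following paragraph. Suggest saying on the `Returns:` line that `null` is for an identity the application does not accept, and noting in the paragraph that the resulting alert tells the other party the identity was not recognized.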
lundibundi
Oct 21, 2020
Member
Suggested change
"unknown_psk_identity" alert message to the other party.
`unknown_psk_identity` alert message to the other party.
The documentation on PSK is scattered in various places, I suggest we put it all in its section (and link to there).
PSK is a marginal feature and must be used with care, so I think it's better this way, and we avoid cluttering the
options section with really long option entries.

@nodejs/documentation @nodejs/crypto