doc: move all TLS-PSK documentation to its section #35717

Open
wants to merge 1 commit into
base: master
from


@mildsunrise
Member

@mildsunrise mildsunrise commented Oct 20, 2020

The documentation on PSK is scattered in various places; I suggest we put it all in its section (and link to there).

PSK is a marginal feature and must be used with care, so I think it's better this way, and we avoid cluttering the options section with really long option entries.

@nodejs/documentation @nodejs/crypto

@mildsunrise
Member Author

@mildsunrise mildsunrise commented Oct 20, 2020

I've also reworded some things and removed the phrase "identity must use UTF-8 encoding" since it doesn't seem to make sense; identity is a string(?)

@@ -146,6 +146,8 @@ specifying a cipher suite with the `ciphers` option. The list of available
ciphers can be retrieved via `openssl ciphers -v 'PSK'`. All TLS 1.3
ciphers are eligible for PSK but currently only those that use SHA256 digest are
supported they can be retrieved via `openssl ciphers -v -s -tls1_3 -psk`.
On the client connection, a custom `checkServerIdentity` should be passed
since the default one will fail in the absence of a certificate.
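
Review bot: the sentence added at the end of this hunk says a custom `checkServerIdentity` "should be passed" but not what that function is expected to do. Since the stated reason is that there is no certificate, the replacement has nothing certificate-based to check, so the text should say that the server is then authenticated only by its knowledge of the PSK, and that the override belongs on PSK connections only, not on certificate-based ones. Separately, the context sentence just above ("are supported they can be retrieved via") is a run-on and needs a semicolon or full stop after "supported".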

@Trott

Trott Oct 20, 2020
Member

Suggested change
since the default one will fail in the absence of a certificate.
because the default one will fail in the absence of a certificate.
@@ -154,6 +156,30 @@ maximum identity size is 128 bytes, and maximum PSK length is 256 bytes.
The current implementation doesn't support asynchronous PSK callbacks due to the
limitations of the underlying OpenSSL API.

To use TLS-PSK, client and server should specify the `pskCallback` option,

@Trott

Trott Oct 20, 2020
Member

"should" or "must"?

@Trott
Trott approved these changes Oct 20, 2020
Member

@lundibundi lundibundi left a comment

Great idea

* Returns: {Buffer|TypedArray|DataView} the PSK (or `null`).

A return value of `null` stops the negotiation process and sends an
"unknown_psk_identity" alert message to the other party.
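
Review bot: the `null` paragraph should say what the other party learns from this alert. An `unknown_psk_identity` alert tells the peer that the identity it offered was not recognised, which separates unknown identities from wrong keys; add a sentence on that and on what a server that does not want to reveal which identities exist should do instead, or link to where the section covers it. The "Returns" line could also point back to the maximum PSK length of 256 bytes stated earlier in the section.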

@lundibundi

lundibundi Oct 21, 2020
Member

Suggested change
"unknown_psk_identity" alert message to the other party.
`unknown_psk_identity` alert message to the other party.