No PSK Ciphersuites in ClientHello

[mprt]

Hi,
Most likely I'm just too stupid to use your stuff correctly, but this issue is driving me nuts since days.

  sock = socket(AF_INET, SOCK_STREAM)
  sock.connect( ("localhost", 7654) )
  hss = HandshakeSettings()
  hss.pskConfigs = [(b'Client_Identity', b'\x30\x30\x30\x30')]
  hss.cipherNames = ["aes128", "aes128gcm"]
  hss.psk_modes = ["psk_ke"]
  hss.minVersion = (3, 3)   # TLS1.2
  hss.maxVersion = (3, 3)   # TLS1.2
  connection = TLSConnection(sock)
  connection.handshakeClientCert(settings = hss)

Running this will give me a ClientHello with no PSK Cipher Suite, but 10 other ones (ECDHE, DHE, RSA, EMPTY_...)

If I allow TLS 1.3, I just get an additional TLS_AES_128_GCM_SHA256 Cipher Suite and a few more extensions (pre_shared_key, psk_key_exchange_modes,...)

Could it be that this behaviour is desired since the PSK Ciphersuites are TLSv1.2 "legacy"?

[tomato42]

Running this will give me a ClientHello with no PSK Cipher Suite, but 10 other ones (ECDHE, DHE, RSA, EMPTY_...)

If I allow TLS 1.3, I just get an additional TLS_AES_128_GCM_SHA256 Cipher Suite and a few more extensions (pre_shared_key, psk_key_exchange_modes,...)

that's because PSK is supported only in TLS 1.3, TLS 1.2 and earlier PSK ciphersuites are not supported

yes, the README.md is a bit confusing on this, README is more explicit

Could it be that this behaviour is desired since the PSK Ciphersuites are TLSv1.2 "legacy"?

no, it's not: #22, but as the milestone indicates, I don't plan to work on it in the near future

[mprt]

Thanks for clarifying!