@Frauschi Frauschi commented Jan 5, 2026

  • Make sure no KeyShare is sent from the client when DH is disabled in PSK mode
  • Fix server error in Suite matching in case no KeyShare is present

Found while testing PSK-only handshakes on embedded devices where client-side KeyShare generation is costly.

@wolfSSL-Bot

Can one of the admins verify this patch?

dgarske commented Jan 5, 2026

Okay to test.

Frauschi commented Jan 7, 2026

After checking the failing tests and digging deeper into the behavior of the PskKeyExchangeModes extension, I conclude that this PR in the current form does not work.

As the PskKeyExchangeModes extension is also used to indicate to the server the desired PSK modes for a future SessionTicket, it is also sent when no actual PSK for the current session is provided. Hence, even when the noPskDheKe option is enabled, we cannot simply disable the generation of the KeyShare (and necessarily the SupportedGroups) extensions for the ClientHello. We may only do that if the ClientHello actually contains a PreSharedKey extension. To implement this, however, more thorough refactoring of the TLSX_PopulateExtensions() method would be necessary, which is probably not worth the effort at the moment.

@Frauschi Frauschi closed this Jan 7, 2026
@Frauschi Frauschi deleted the psk_keyshare_fix branch January 9, 2026 08:11
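
The constraint described in the closing comment, as an added example that is not part of the thread and is not wolfSSL code: a ClientHello may omit KeyShare only when it actually carries PreSharedKey, so a peer or test harness can check the extension list for that. The function name, result codes and sample byte strings are assumptions made for illustration; the extension type numbers and the presence rules come from RFC 8446.

```c
#include <stdint.h>
#include <stdio.h>
/* TLS 1.3 extension type codes (RFC 8446, section 4.2). */
enum { EXT_SUPPORTED_GROUPS = 10, EXT_PRE_SHARED_KEY = 41,
       EXT_PSK_KEY_EXCHANGE_MODES = 45, EXT_KEY_SHARE = 51 };
/* Result codes of this example (hypothetical names, not wolfSSL's). */
enum { CH_OK = 0, CH_MALFORMED = -1, CH_NO_KEY_EXCHANGE = -2, CH_PSK_NOT_LAST = -3,
       CH_GROUPS_KEYSHARE_MISMATCH = -4, CH_PSK_WITHOUT_MODES = -5 };

/* Constructed extension blocks; bodies are shortened, only types matter here. */
static const uint8_t MODES_ONLY[] = { 0,45, 0,2, 1,0 };
static const uint8_t PSK_HELLO[]  = { 0,45, 0,2, 1,0,  0,41, 0,0 };
static const uint8_t PSK_FIRST[]  = { 0,41, 0,0,  0,45, 0,2, 1,0 };
static const uint8_t DHE_HELLO[]  = { 0,10, 0,0,  0,51, 0,0,  0,45, 0,2, 1,1 };

/* Walk a ClientHello extension list and check that a missing key_share is backed by a PSK. */
int check_ch_exts(const uint8_t *ext, size_t len)
{
    int groups = 0, share = 0, psk = 0, modes = 0, psk_last = 0;
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return CH_MALFORMED;          /* type + length header */
        unsigned type = (unsigned)(ext[off] << 8 | ext[off + 1]);
        size_t elen = (size_t)(ext[off + 2] << 8 | ext[off + 3]);
        off += 4;
        if (elen > len - off) return CH_MALFORMED;       /* body runs past the list */
        off += elen;
        psk_last = (type == EXT_PRE_SHARED_KEY);         /* true only for the final entry */
        if (type == EXT_SUPPORTED_GROUPS) groups = 1;
        else if (type == EXT_KEY_SHARE) share = 1;
        else if (type == EXT_PSK_KEY_EXCHANGE_MODES) modes = 1;
        else if (psk_last) psk = 1;
    }
    if (groups != share) return CH_GROUPS_KEYSHARE_MISMATCH; /* both or neither */
    if (psk && !modes)   return CH_PSK_WITHOUT_MODES;
    if (psk && !psk_last) return CH_PSK_NOT_LAST;
    /* psk_key_exchange_modes alone offers no PSK: key_share is still needed. */
    if (!psk && !share)  return CH_NO_KEY_EXCHANGE;
    return CH_OK;
}

int main(void)
{
    printf("%d %d %d %d\n", check_ch_exts(MODES_ONLY, sizeof MODES_ONLY),
           check_ch_exts(PSK_HELLO, sizeof PSK_HELLO),
           check_ch_exts(PSK_FIRST, sizeof PSK_FIRST),
           check_ch_exts(DHE_HELLO, sizeof DHE_HELLO));
    return 0;
}
```

`MODES_ONLY` is the case the comment warns about: PskKeyExchangeModes present for a future SessionTicket, no PreSharedKey, and no KeyShare to fall back on.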