<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div></div>
<p dir="auto">Currently, setting PSK credential callbacks with GnuTLS results in PSK silently not working. You also have to enable PSK in the priorities. There is no documentation on this problem and the behavior is cryptic.</p>
<p dir="auto">I propose enabling the PSK family of algorithms by default. This way, setting the PSK callbacks will work by default. If an admin overrides this with "-PSK" (etc), it should forcibly disable PSK regardless of the callbacks.</p>
<p dir="auto">I realize this raises the question of <code>PSK</code> vs <code>DHE-PSK</code> vs <code>ECDHE-PSK</code>. There are no known weaknesses with <code>ECDHE-PSK</code> or <code>DHE-PSK</code>. So these should be preferred to <code>PSK</code> because they provide PFS. Should a weakness be discovered, they can be demoted. Likewise, should a user feel paranoid about asymmetric cryptography, they can simply override the default.</p>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/680">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/2aac3d1a6363abfac4c354b4d5424d27/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/680"}}</script>
</p>
</div>
</body>
</html>