classification
Title: No way to use TLS-PSK from python ssl
Type: enhancement Stage: resolved
Components: Library (Lib), SSL Versions: Python 3.7
process
Status: closed Resolution: out of date
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: barry, christian.heimes, chrysn, giampaolo.rodola, janssen, jcea, karlp, luizdepra, njouanin, pitrou, ralight
Priority: normal Keywords:

Created on 2013-09-24 15:32 by karlp, last changed 2017-09-06 14:53 by christian.heimes. This issue is now closed.

Files
File name Uploaded Description Edit
5bcfpEKD.txt karlp, 2013-09-24 15:32 implementation of TLS-PSK from Mosquitto
Messages (5)
msg198362 - (view) Author: Karl Palsson (karlp) Date: 2013-09-24 15:32
OpenSSL supports TLS-PSK which some people (myself obviously) find to be substantially easier to use than setting up certs.

However, there's no way to use PSK via the current SSL api in python.  It would be very nice to be able to use PSK from python.

For OpenSSL, even the C API is particularly easy.  Attached is the implementation used in Mosquitto, a MQTT message broker that supports both cert based and PSK based TLS.
msg198364 - (view) Author: Jesús Cea Avión (jcea) * (Python committer) Date: 2013-09-24 15:42
Python 2.7 is open only for bugfixes. No new features.

Do you dare to write a patch for Python 3.4? :-). If you do, remember to sign a Contributor Agreement.

Give it a try! :)
msg198365 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2013-09-24 17:57
Is it different from TLS SRP, which already has a feature request in issue11943?
As Jesus said, feel free to propose a patch, even a proof of concept so that we start discussing the API.
msg198378 - (view) Author: Roger Light (ralight) Date: 2013-09-25 09:28
This is not TLS-SRP, but TLS-PSK as described by RFC 4279[1]

There is a very small amount of overlap - the "unknown_psk_identity" error defined by PSK is also used in SRP.

[1] http://tools.ietf.org/html/rfc4279
msg301475 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2017-09-06 14:53
This feature request has been idle for almost four years. Although TLS-PSK is nice to have, it is not a priority for protocols such as HTTPS. I neither have time nor motivation to create a patch myself. Therefore I'm closing this issue of lack of activity. Please feel free to re-open it with a patch against 3.7.
History
Date User Action Args
2017-09-06 14:53:17christian.heimessetstatus: open -> closed
resolution: out of date
stage: needs patch -> resolved
2017-09-06 14:53:02christian.heimessetmessages: + msg301475
2017-04-11 16:00:38chrysnsetnosy: + chrysn
2016-09-15 07:53:44christian.heimessetassignee: christian.heimes
components: + SSL
2016-09-08 15:32:56christian.heimessetversions: + Python 3.7, - Python 3.4
2015-09-23 12:06:25luizdeprasetnosy: + luizdepra
2015-08-21 15:17:30njouaninsetnosy: + njouanin
2013-09-25 09:28:45ralightsetmessages: + msg198378
2013-09-24 17:57:53pitrousetnosy: + janssen, pitrou, giampaolo.rodola, christian.heimes
messages: + msg198365

type: behavior -> enhancement
stage: needs patch
2013-09-24 15:47:23ralightsetnosy: + ralight
2013-09-24 15:42:50jceasetnosy: + jcea

messages: + msg198364
versions: - Python 2.7
2013-09-24 15:36:39barrysetnosy: + barry
2013-09-24 15:32:28karlpcreate