h2o / picotls

TLS 1.3 implementation in C (master supports RFC8446 as well as draft-26, -27, -28)

[external PSK mode] abort handshake when failing to agree on use of PSK #489

Closed by kazuho 9 months ago

kazuho commented 9 months ago

As external PSK is a mode of mutual authentication, we should fail by default.

This PR does not close our future to support mixed mode (i.e., authenticate using either external PSK or certificate chain). If we decide to do so, we could add a do_mixed_mode flag.