Open sshock opened 4 months ago
The ptls_context_t key_exchanges can be set to NULL to force PSK-only mode.
ptls_context_t
key_exchanges
In this scenario, the client key_share_ctx is NULL, so encode_client_hello does not include any key_share entries.
key_share_ctx
NULL
encode_client_hello
So far so good. But encode_client_hello still includes PSK_DHE in the PSK_KEY_EXCHANGE_MODES, even though that mode won't be able to work.
In practice this hasn't caused any issues for me, but it would probably be good to exclude that mode in this scenario.
The
ptls_context_tkey_exchangescan be set to NULL to force PSK-only mode.In this scenario, the client
key_share_ctxisNULL, soencode_client_hellodoes not include any key_share entries.So far so good. But
encode_client_hellostill includes PSK_DHE in the PSK_KEY_EXCHANGE_MODES, even though that mode won't be able to work.In practice this hasn't caused any issues for me, but it would probably be good to exclude that mode in this scenario.