Pre-shared keys
TLS-PSK support is available as an alternative to normal certificate-based authentication. It uses a pre-shared key instead of certificates to authenticate a TLS connection, providing mutual authentication. TLS-PSK and public key infrastructure are not mutually exclusive. Clients and servers can accommodate both, choosing either of them during the normal cipher negotiation step.
TLS-PSK is only a good choice where a means exists to securely share a key with every connecting machine, so it does not replace public key infrastructure (PKI) for the majority of TLS uses. The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used by only a minority of applications. Consider all alternative solutions before switching to PSK ciphers. When generating a PSK, it is critically important to use sufficient entropy, as discussed in RFC 4086. Deriving a shared secret from a password or other low-entropy source is not secure.
PSK ciphers are disabled by default, so using TLS-PSK requires explicitly specifying a cipher suite with the ciphers option. The list of available ciphers can be retrieved via openssl ciphers -v 'PSK'. All TLS 1.3 ciphers are eligible for PSK, but currently only those that use the SHA256 digest are supported; they can be retrieved via openssl ciphers -v -s -tls1_3 -psk.
According to RFC 4279, PSK identities up to 128 bytes in length and PSKs up to 64 bytes in length must be supported. As of OpenSSL 1.1.0, the maximum identity size is 128 bytes and the maximum PSK length is 256 bytes.
The current implementation doesn't support asynchronous PSK callbacks due to the limitations of the underlying OpenSSL API.