Pre-Shared Key Authentication

Pre-shared key authentication uses a pre-shared key to authenticate the communicating peers, and a negotiated cipher and secret shared key for encrypting and decrypting the data. This mode is also known as TLS-PSK.

The pre-shared key is a string that can be any word or phrase that does not include a comma. It is specified using the shared_key connector option. Optionally, you can use the cipher_list connector option to select a specific cipher to be used.

Both the TLS client and the TLS server must be configured with the same pre-shared key; otherwise the connection fails and a network error is returned. For each path that uses the TLS connection, you must specify the pre-shared key in both the client and the server assignment files that define that path.

Note: Pre-shared key authentication is not supported by the Web Request Dispatcher.

Pre-shared key authentication defaults to the strongest encryption cipher supported by both ends of the connection. For older servers that do not support more secure ciphers, you can specify one or more of the following encryption ciphers using the cipher_list TLS connector option:

  • PSK-AES256-CBC-SHA
  • PSK-AES128-CBC-SHA
  • PSK-RC4-SHA (disabled by default)
  • PSK-3DES-EDE-CBC-SHA (disabled by default)

A pre-shared key is stored in clear text, so anyone who gains read access to your assignment files can read it. Take precautions to prevent this, such as restricting read access on the assignment files to the user account under which the Uniface executable runs, and encrypting the assignment files with Uniface Pathscrambler.
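The option handling described above, as an added Python model (this is not Uniface code and it makes no TLS connection): it applies the no-comma rule for shared_key, refuses a handshake when the two keys differ, picks the strongest cipher both peers allow while keeping the disabled-by-default ciphers usable only when both sides list them in cipher_list, and audits an assignment file for the plaintext-key exposure the last paragraph warns about. The strength ordering of the four ciphers, the `shared_key=` line format the audit looks for, and the sample file content are assumptions.

```python
"""Model of TLS-PSK option handling: hypothetical helper code, not Uniface's
implementation.  Cipher names and the disabled-by-default flags come from the
documentation; the strength ordering and the ``shared_key=`` line format that
the audit searches for are assumptions."""
import hmac
import os
import stat
import tempfile

# Ciphers from the documentation, strongest first (ordering is an assumption).
PSK_CIPHERS = [
    "PSK-AES256-CBC-SHA",
    "PSK-AES128-CBC-SHA",
    "PSK-RC4-SHA",
    "PSK-3DES-EDE-CBC-SHA",
]
# Ciphers that are off unless explicitly selected with cipher_list.
DISABLED_BY_DEFAULT = {"PSK-RC4-SHA", "PSK-3DES-EDE-CBC-SHA"}


def validate_shared_key(key: str) -> bool:
    """shared_key may be any non-empty word or phrase that contains no comma."""
    return bool(key) and "," not in key


def enabled_ciphers(cipher_list=None):
    """Ciphers one peer offers: the defaults, or exactly its cipher_list
    (which is how a disabled-by-default cipher gets re-enabled)."""
    if cipher_list is None:
        return [c for c in PSK_CIPHERS if c not in DISABLED_BY_DEFAULT]
    unknown = [c for c in cipher_list if c not in PSK_CIPHERS]
    if unknown:
        raise ValueError(f"unsupported PSK cipher(s): {unknown}")
    return [c for c in PSK_CIPHERS if c in cipher_list]


def negotiate(client_key, server_key, client_ciphers=None, server_ciphers=None):
    """Return the cipher the connection would use, or None when it would fail.

    Both peers need the same key, and the strongest cipher both ends support
    is chosen.  Keys are compared in constant time as a matter of habit."""
    if not (validate_shared_key(client_key) and validate_shared_key(server_key)):
        return None
    if not hmac.compare_digest(client_key.encode(), server_key.encode()):
        return None  # mismatched keys: handshake fails, network error
    offered = enabled_ciphers(server_ciphers)
    common = [c for c in enabled_ciphers(client_ciphers) if c in offered]
    return common[0] if common else None


def audit_assignment_file(path):
    """Findings about a file that may hold a shared_key in clear text."""
    findings = []
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group or others; restrict to the Uniface service account")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            # Assumed option syntax: 'shared_key = value' with optional spaces.
            if "shared_key=" in line.replace(" ", "").lower():
                findings.append(f"line {lineno}: plaintext shared_key (consider Pathscrambler)")
    return findings


def sample_audit(world_readable: bool):
    """Write a constructed assignment-file fragment (not real Uniface syntax),
    set its permissions, audit it and clean up."""
    content = (
        "[PATHS]\n"
        "; constructed sample; real Uniface assignment syntax may differ\n"
        "shared_key = my secret phrase\n"
    )
    with tempfile.NamedTemporaryFile("w", delete=False, suffix=".asn") as tmp:
        tmp.write(content)
        path = tmp.name
    try:
        os.chmod(path, 0o644 if world_readable else 0o600)
        return audit_assignment_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(negotiate("my secret", "my secret"))
    print(negotiate("my secret", "my secret", server_ciphers=["PSK-AES128-CBC-SHA"]))
    print(sample_audit(world_readable=True))
```

With no cipher_list on either side the model lands on PSK-AES256-CBC-SHA; a server pinned to PSK-AES128-CBC-SHA pulls the client down to it; and PSK-RC4-SHA is only reachable when both sides list it, which is the case to watch for in a cipher_list review.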
