Re: Authentication over ECDHE

> On Dec 24, 2018, at 2:44 PM, Salz, Rich via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
> 
> Pre-shared keys (PSK) don't require certs, maybe that meets the need.  A thing to know about PSK is that each side is fully trusted, and if one side gets the key stolen, then the thief can pretend to be either side.

PSK only makes sense for svelte SSL libraries that either run
on devices with too little CPU to do public key crypto, or don't
want to pay the code footprint of X.509 certificate processing.

For OpenSSL on a typical computer, PSK deployment and application
support is more complex than just going with self-signed certs.

The OP is IMHO better off avoiding PSKs.

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


