Topic: Tls 1.3 PSK with ECDH
Hello! This is my first topic here and I am new to Tls. I am trying to make sure I understand the implications of what I have built.
I am working on a project where I have established a secure client-server connection using PSK. I am using this method because I do not have the infrastructure to store security certificates but I do have an authenticated service which can provide a PSK to Clients and Servers, before the Clients initiate connections to Servers.
I have been reading a lot online about Tls 1.3 and how it supports three basic key exchange modes:
-ECDHE
-PSK only
-PSK with ECDHE
Is this true? My understanding was that PSK only suffers from lack of forward secrecy - if no ephemeral shared key is generated, there is a vulnerability if the PSK is leaked. I thought that Tls 1.3 guarantees forward secrecy. I want to make sure my connections encrypt application data with ephemeral keys.
As explained in the documentation, I am building with --enable-psk and using:
wolfSSL_CTX_set_psk_client_callback() // Client
wolfSSL_CTX_set_psk_server_callback() // Server
wolfSSL_CTX_use_psk_identity_hint() // Server
The connection establishes fine and I see the chosen cipher to be TLS13-AES128-GCM-SHA256. I believe I am seeing the key exchange occur (I see 1RTT before handshake complete), but I'm wondering how I can know for sure