Warn in docs that TLS 1.3 PSKs must be high entropy

I thought I wrote this, but it must have gotten lost while I was working on this across machines. Put something like it back; using a password as a PSK is a somewhat attractive nuisance and *not* safe.

Bug: 369963041
Change-Id: I3840e72658b43e4d26a1b5aad789f79fc71ff633
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90327
Reviewed-by: Lily Chen <chlily@google.com>
Commit-Queue: Lily Chen <chlily@google.com>
Auto-Submit: David Benjamin <davidben@google.com>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 96e6c2a..27f71de 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h
@@ -3720,6 +3720,11 @@ // |SSL_CTX_add1_credential| or |SSL_add1_credential|. |context| is the context // string to use when importing to TLS. // +// WARNING: An attacker with knowledge of |key| can impersonate either side of +// the connection. Additionally, using a pre-shared key exposes |key| to offline +// brute force attacks. |key| must thus be a high-entropy, secret value. +// Passwords or short PINs, for example, would not be safe to use as |key|. +// // Callers can configure the credential list with multiple PSKs, or a mix of // PSKs and other credentials, in some preference order. Due to protocol // differences, clients and servers evaluate PSKs in the credential list
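
Review bot: The added WARNING paragraph in include/openssl/ssl.h tells callers that |key| "must thus be a high-entropy, secret value" but gives them nothing to check a key against: it states no minimum size and does not say how the key should be produced. Consider adding a sentence saying that |key| should be generated uniformly at random by a cryptographically secure random number generator, with a concrete minimum length if the project has one, so a caller can tell whether a given value qualifies rather than only learning that passwords and short PINs do not. The sentence "using a pre-shared key exposes |key| to offline brute force attacks" would also be easier to act on if it said who can mount that attack, since as written it only says the key is exposed. Minor style point in the same sentence: "brute force attacks" reads better hyphenated as "brute-force attacks".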