I'm working with a framework (Vertx 2) and need to implement a service that runs on top of TLS. Vertx 2 has support for TLS, but I cannot get it to use the necessary ciphers (among others):
- TLS_PSK_WITH_3DES_EDE_CBC_SHA
- TLS_PSK_WITH_AES_128_CBC_SHA
I also cannot use the Bouncy Castle lightweight API as it is stream-based and blocks (spawning threads etc. to deal with this is not acceptable as that will not scale). The same goes for JESSIE.
It must use AES & DES with pre-shared keys, but I've been unable to find a way to get this to work. Any solution which is non-blocking/async is workable.
If you're on Linux or OSX, Conscrypt (https://conscrypt.org) might be an option. This is an OpenSSL/BoringSSL backed JCA Provider which will give you an SSLEngine impl which you can then use with Java NIO in non-blocking mode. For context, Conscrypt is the default provider of crypto and TLS/SSL primitives on Android.
To use it with TLS-PSK, you'll need to initialize a Conscrypt-provided SSLContext with an implementation of org.conscrypt.PSKKeyManager and then obtain an SSLEngine from that context. For documentation, see PSKKeyManager interface Javadoc or Javadoc of very similar Android framework class PskKeyManager (https://developer.android.com/reference/android/net/PskKeyManager.html).