Skip to main content
TlsOptions.pskCallback - tls - Node documentation
method TlsOptions.pskCallback

Usage in Deno

import { type TlsOptions } from "node:tls";
TlsOptions.pskCallback(
socket: TLSSocket,
identity: string,
):
DataView
| TypedArray
| null

Parameters

socket: TLSSocket
identity: string

identity parameter sent from the client.

Return Type

DataView
| TypedArray
| null

pre-shared key that must either be a buffer or null to stop the negotiation process. Returned PSK must be compatible with the selected cipher's digest.

When negotiating TLS-PSK (pre-shared keys), this function is called with the identity provided by the client. If the return value is null the negotiation process will stop and an "unknown_psk_identity" alert message will be sent to the other party. If the server wishes to hide the fact that the PSK identity was not known, the callback must provide some random data as psk to make the connection fail with "decrypt_error" before negotiation is finished. PSK ciphers are disabled by default, and using TLS-PSK thus requires explicitly specifying a cipher suite with the ciphers option. More information can be found in the RFC 4279.

Back to top