TLS-PSK #24238
Comments
Hi, any updates on this feature request?
We do not have any plan to support TLS-PSK now. We are busy re-designing the TLS API to support credential reloading, custom authorization callback, SPIFFE support, and so on.
Thanks for the update. Does the custom authorization callback effort enable us to plug in a TLS-PSK backend?
@7hacker could you describe more about TLS-PSK backend? It is hard for me to evaluate.
@jiangtaoli2016 sure, just spitballing here since I'm not clear on the custom auth callback on gRPC either. Essentially can the custom callback defer to our implementation of TLS and we choose to use PSKs for authorization?
Please take a look at the new API at grpc/proposal#205 and see if it helps your use case.
I think the proposed grpc/proposal#205 couldn't support TLS-PSK mode.
We do not support TLS-PSK in grpc core now. We do support session resumption in gRPC core and wrapped languages.
This issue/PR has been automatically marked as stale because it has not had any update (including commits, comments, labels, milestones, etc) for 30 days. It will be closed automatically if no further update occurs in 7 days. Thank you for your contributions!
I will close this issue, but feel free to reopen if anything else was brought up.
So not to be too much of a necromancer, but I was wondering what kind of progress was made in the TLS redesign, and whether support for TLS-PSK is back on the table.
Is your feature request related to a problem? Please describe.
While using gRPC in resource-constrained, isolated environments, TLS with pre-shared keys (TLS-PSK) is preferable over TLS with certs. Using a proxy just to solve TLS-PSK can degrade performance.
Describe the solution you'd like
Extension of the Auth API to support TLS-PSK
Describe alternatives you've considered
TLS-PSK proxy over insecure gRPC services