authorRenĂ© Korthaus <[email protected]>2019-11-14 11:56:21 +0100
committerRenĂ© Korthaus <[email protected]>2019-11-14 11:56:21 +0100
commit22eacdd63eda0b3749409edb3e5e3c3bcf8ec7f0 (patch)
treed7003462c1415d570edd34174310af0dcc3c5c41
parent070d1cf60fab1e0eac46298c87c7093d733d81f1 (diff)
Remove non-ephemeral PSK ciphersuites from BSI TLS policy
-rw-r--r--src/lib/tls/tls_policy.h2
-rw-r--r--src/tests/data/tls-policy/bsi.txt2
2 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index ca2c08606..c4ddcd65c 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
@@ -435,7 +435,7 @@ class BOTAN_PUBLIC_API(2,0) BSI_TR_02102_2 : public Policy
std::vector<std::string> allowed_key_exchange_methods() const override
{
- return std::vector<std::string>({"ECDH", "DH", "PSK", "ECDHE_PSK", "DHE_PSK"});
+ return std::vector<std::string>({"ECDH", "DH", "ECDHE_PSK", "DHE_PSK"});
}
std::vector<std::string> allowed_signature_methods() const override
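Review bot: The new list in `allowed_key_exchange_methods()` carries no comment saying why plain `PSK` is left out, so a later edit could add it back without noticing that it weakens the policy. I would put a comment above the return, for example `// Plain PSK is deliberately excluded: it has no ephemeral key exchange and so no forward secrecy; only ECDHE_PSK and DHE_PSK are allowed.` Applications that use this policy with pure-PSK suites will presumably fail to negotiate after this change, and the diff shows no release-note entry for that. The enclosing class starts outside the hunk, and the hunk ends on the signature of `allowed_signature_methods()`, whose body is not visible.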
diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt
index 802c5c9b8..fec2849ed 100644
--- a/src/tests/data/tls-policy/bsi.txt
+++ b/src/tests/data/tls-policy/bsi.txt
@@ -7,7 +7,7 @@ allow_dtls12 = false
ciphers = AES-256/GCM AES-128/GCM AES-256 AES-128 AES-256/CCM AES-128/CCM
signature_hashes = SHA-512 SHA-384 SHA-256
macs = AEAD SHA-384 SHA-256
-key_exchange_methods = ECDH DH PSK ECDHE_PSK DHE_PSK
+key_exchange_methods = ECDH DH ECDHE_PSK DHE_PSK
signature_methods = ECDSA RSA DSA
key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 ffdhe/ietf/2048
minimum_dh_group_size = 2000