I have build multiple embedded devices with TLS1.2/3 + PSK using mbedtls and wolfssl libraries.
My products have been with microcontrollers(ESP32, Silicon labs, etc.) and OpenWRT based Linux products. The devices mainly establish a session and using the session would use MQTT or proprietary protocols to communicate with the cloud.
The connectivity goals of most of these products are:
- Connect to cloud and download configurations - mostly
- Check and download firmware updates - once a month
- Online app based control - rare
- Upload diagnostic data - Most frequently used
Lately I have been going through next release tickets for mbedtls and happen to stumble upon a ticket which plans to remove DHE-PSK
I understand the goal of the ticket is to remove Cipher suites with DHE and not ECDHE
As part of my update process in future designs, I would like to educate myself, if TSL with PSK would be a recommend Cipher suites for embedded devices.
Could someone please point out which direction should be considered?