With TLS 1.3 pre-shared key (PSK) a malicious or faulty server could ignore the request for PFS (perfect forward secrecy) and the client would continue on with the connection using PSK without PFS. This happened when a server responded to a ClientHello containing psk_dhe_ke without a key_share extension. The re-use of an authenticated PSK connection that on the clients side unexpectedly did not have PFS, reduces the security of the connection.
2025-11-21T22:16:18.920
2025-12-03T18:47:32.440
Analyzed
CVSSv3.1: 7.5 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | wolfssl | wolfssl | < 5.8.4 | Yes |
| Operating System | apple | macos | - | No |
| Operating System | linux | linux_kernel | - | No |