I misunderstood the PSA feature, and the error I was getting, and thought I needed to provide PSK because I was missing a call to psa_crypto_init. I’m now getting further, with the current hurdle being ‘x509_verify_cert() returned -9984 (-0x2700)’.

 

Jeff Thompson  |  Senior Electrical Engineer - Firmware
+1 704 752 6513 x1394
www.invue.com

 

From: Gilles Peskine via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: Friday, August 25, 2023 12:15 PM
To: mbed-tls@lists.trustedfirmware.org
Subject: [mbed-tls] Re: Does mbedTLS TLS1.3 only support PSK?

 

Hi Jeff,

Mbed TLS 3.4 supports ECDH/FFDH/PSK for key exchange and RSA/ECDSA/PSK for authentication in TLS 1.3. I'm not sure what you mean by “generated session keys”: are you trying to do session resumption, or a handshake authenticated with an X.509 certificate?

Best regards,

--
Gilles Peskine
Mbed TLS developer

On 25/08/2023 13:55, Thompson, Jeff via mbed-tls wrote:

I’ve got mbedTLS 3.1.4 and want to use TLS 1.3. My handshake fails very early because I don’t have any Pre-Shared Keys. Does mbedTLS TLS1.3 only support PSKs, or can I still use generated session keys as does TLS 1.2? If so, how?

 
