{"id":8683,"library":"sslpsk-pmd3","title":"SSL-PSK for PyMobileDevice3","description":"sslpsk-pmd3 is a fork of the `sslpsk` library, specifically tailored to add TLS-PSK (Pre-Shared Key) support to the Python `ssl` package for `pymobiledevice3` usage. It enables secure socket communication using pre-shared keys, an alternative to traditional certificate-based TLS. The current version is 1.0.3, released on February 9, 2024, with irregular but active maintenance.","status":"active","version":"1.0.3","language":"en","source_language":"en","source_url":"https://github.com/doronz88/sslpsk-pmd3","tags":["ssl","tls","psk","tls-psk","preshared key","pymobiledevice3"],"install":[{"cmd":"pip install sslpsk-pmd3","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Required for underlying TLS-PSK functionality, specifically development headers for source builds.","package":"OpenSSL","optional":false}],"imports":[{"note":"This is the primary method for wrapping sockets with PSK support as shown in sslpsk-pmd3's documentation. While upstream sslpsk3 recommends SSLPSKContext, sslpsk-pmd3's direct usage focuses on wrap_socket.","symbol":"wrap_socket","correct":"import sslpsk_pmd3\nssl_sock = sslpsk_pmd3.wrap_socket(...)"}],"quickstart":{"code":"import socket\nimport sslpsk_pmd3\nimport os\n\n# Configuration from environment variables for security and flexibility\nHOST = os.environ.get('PSK_HOST', '127.0.0.1')\nPORT = int(os.environ.get('PSK_PORT', 6000))\nPSK_KEY = os.environ.get('PSK_KEY', 'abcdef').encode('utf-8')\nCLIENT_IDENTITY = os.environ.get('PSK_IDENTITY', 'client1').encode('utf-8')\n\ndef client_example(host, port, psk_key, client_identity):\n    try:\n        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n        print(f\"Attempting to connect to {host}:{port}...\")\n        sock.connect((host, port))\n        print(\"Socket connected. Wrapping with TLS-PSK...\")\n        \n        # Wrap the socket with TLS-PSK support\n        # PROTOCOL_TLSv1_2 is a common, widely supported version.\n        ssl_sock = sslpsk_pmd3.wrap_socket(\n            sock,\n            psk=psk_key,\n            psk_identity=client_identity,\n            ssl_version=sslpsk_pmd3.PROTOCOL_TLSv1_2\n        )\n        print(\"SSL socket wrapped. Sending data...\")\n        \n        message = \"Hello, TLS-PSK Server!\\n\"\n        ssl_sock.sendall(message.encode())\n        print(f\"Client sent: {message.strip()}\")\n        \n        received_data = ssl_sock.recv(1024).decode().strip()\n        print(f\"Client received: {received_data}\")\n        \n    except ConnectionRefusedError:\n        print(f\"Error: Connection refused. Ensure a TLS-PSK server is running on {host}:{port}.\")\n    except Exception as e:\n        print(f\"An error occurred: {e}\")\n    finally:\n        if 'ssl_sock' in locals() and ssl_sock:\n            ssl_sock.shutdown(socket.SHUT_RDWR)\n            ssl_sock.close()\n        elif 'sock' in locals() and sock:\n            sock.close()\n        print(\"Connection closed.\")\n\nif __name__ == '__main__':\n    print(\"This quickstart demonstrates client-side usage of sslpsk-pmd3.\")\n    print(\"A corresponding TLS-PSK server is required to fully execute this example.\")\n    print(\"You can configure host, port, key, and identity via PSK_HOST, PSK_PORT, PSK_KEY, PSK_IDENTITY environment variables.\")\n    print(f\"Using defaults: Host={HOST}, Port={PORT}, PSK_KEY={'*' * len(PSK_KEY)}, PSK_IDENTITY={CLIENT_IDENTITY.decode()}\")\n    client_example(HOST, PORT, PSK_KEY, CLIENT_IDENTITY)","lang":"python","description":"This client-side example demonstrates how to establish a TLS-PSK connection using `sslpsk_pmd3.wrap_socket`. It connects to a specified host and port, wraps the socket with a pre-shared key and client identity, sends a message, and receives a response. Ensure a compatible TLS-PSK server is running for this example to fully succeed. Environment variables are used for sensitive information like PSK and connection details."},"warnings":[{"fix":"Use Python 3.8 to 3.12. Monitor GitHub for future 3.13+ support.","message":"Python 3.13 is not officially supported by sslpsk-pmd3. Attempts to install on Python 3.13 may lead to build failures.","severity":"breaking","affected_versions":"All versions on Python 3.13+"},{"fix":"Ensure OpenSSL development headers are installed (e.g., `sudo apt-get install libssl-dev` on Debian/Ubuntu, `brew install openssl@1.1` or `openssl@3` and linking on macOS).","message":"Installing sslpsk-pmd3 from source may fail if OpenSSL development headers are not installed on your system, particularly on macOS or Linux.","severity":"gotcha","affected_versions":"All versions, when building from source"},{"fix":"For `sslpsk-pmd3`, continue using `sslpsk_pmd3.wrap_socket`. For general Python SSL usage, prefer `ssl.create_default_context().wrap_socket()` or similar `SSLContext`-based approaches.","message":"The `ssl.wrap_socket()` function, which `sslpsk-pmd3`'s primary API emulates, is considered deprecated in upstream Python's `ssl` module since Python 3.2 (and 2.7.9) in favor of `SSLContext.wrap_socket()`. While `sslpsk-pmd3` still uses the `wrap_socket` pattern, for future compatibility and advanced features (like SNI), users of the underlying `sslpsk` might consider migrating to `SSLPSKContext` if available or planning for its adoption.","severity":"deprecated","affected_versions":"All versions of sslpsk-pmd3 on Python 3.12+"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Install OpenSSL development libraries on your system. For Debian/Ubuntu: `sudo apt-get install build-essential libssl-dev`. For macOS (with Homebrew): `brew install openssl@1.1` (or `openssl@3`) and ensure it's linked correctly (`brew link openssl@1.1 --force`).","cause":"During installation, the C extension for `sslpsk-pmd3` cannot find the OpenSSL header files required for compilation.","error":"fatal error: 'openssl/ssl.h' file not found"},{"fix":"Verify that you have OpenSSL development headers installed (see fix for 'openssl/ssl.h not found'). Also, ensure you are using a supported Python version (3.8-3.12). Check compiler toolchains if on Windows/macOS.","cause":"This error typically indicates that the C extension failed to compile, often due to missing OpenSSL development headers, an unsupported Python version, or an incompatible compiler environment.","error":"ERROR: Failed building wheel for sslpsk-pmd3"}]}