What I want is test tls handshake when psk is active. I also want to see every http header exchanged during the connection between client (my laptop) and public server. Now I am wondering if there is a public psk tls server where I can do my test.
Regards.
I doubt that there is a web server using PSK on the internet open for public testing. Also I doubt that browsers support PSK cipher suites. But you can setup your own web server using PSK with openssl:
openssl s_server -psk 1a2b3c4d -nocert -www
And the matching client:
openssl s_client -connect 127.0.0.1:4433 -psk 1a2b3c4d
As for the HTTP protocol: it is independent from the TLS layer, i.e. it does not change if PSK or the normal authentication with certificates is used.
Even if some public TLS Server were to support PSK, you won't be able to test your client with it. There is a fundamental difference between the way public key authentication (which is used by most of the TLS Servers) work and PSK.
Public Key Authentication: Incase of Public Key Server Authentication (the ones that doesn't involve Client Authentication), the server sends a Certificate, which contains a Public Key and Client encrypts it's pre-master secret and sends it to server which only the server can decrypt. In this way both have the same pre-master secret and can use the same set of derivations to further derive the final key.
Pre-Shared key: As the name indicates the pre-shared requires both parties to have the same key pre-shared among themselves. They just exchange the IDs between them to indicate which of the Pre-Shared they will be using to generate the final key.
So, even if there is a server which supports PSK, you should have the same set of (or atleast one) of the keys which it has, which is impossible as those servers won't share their keys with anyone apart from whom it is supposed to be shared with (the legit clients).
So, the best way for you is to use openssl's test client and server tools and test it.
