<div dir="ltr"><pre style="white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">Nate,Maxim,</pre><pre style="white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">I found a patch here (<a href="http://mailman.nginx.org/pipermail/nginx-devel/2017-September/010449.html">http://mailman.nginx.org/pipermail/nginx-devel/2017-September/010449.html</a>) regarding the PSK spport in Nginx. I can not make the new parameter ssl_psk_file work.</pre><pre style="white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">I applied it to release-1.13.5 successfully.</pre><pre style="white-space:pre-wrap;color:rgb(0,0,0);font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;word-spacing:0px;text-decoration-style:initial;text-decoration-color:initial">I updated my nginx.conf to </pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><font color="#000000"><span style="white-space:pre-wrap">stream {
  upstream dtls_udp_upstreams {
    hash $remote_addr:remote_port;
    server <a href="http://preprod.mycorp.com:5685">preprod.mycorp.com:5685</a>;
  }


  server {
    listen 5684 udp ssl;
    ssl_protocols DTLSv1.2;
    ssl_ciphers PSK-AES128-CBC-SHA;
    ssl_psk_file /tmp/cred.txt;
    ssl_certificate /tmp/server.pem;
    ssl_certificate_key /tmp/server.key;
    proxy_pass dtls_udp_upstreams;
  }

My issue is that although /t</span></font>mp/cred.txt file exists, Nginx returns :</pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial">nginx: [emerg] unknown directive "ssl_psk_file" in /tmp/nginx.conf:26.<br></pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><br></pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial">I checked the source files, it looks like the patch has been correctly applied.</pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial">Would you mind posting the complete/corrected patch I could apply and test ?</pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial">I'm using DTLS client with PSK load-balancer and I could experiment the setup.</pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><br></pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial">My patching application looks like :</pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><font color="#000000"><span style="white-space:pre-wrap">git checkout release-1.13.5</span></font></pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><font color="#000000"><span style="white-space:pre-wrap">patch -p1 -i pskpatch.diff</span></font></pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><font color="#000000"><span style="white-space:pre-wrap"><br></span></font></pre><pre style="text-align:start;text-indent:0px;text-decoration-style:initial;text-decoration-color:initial"><font color="#000000"><span style="white-space:pre-wrap">Thank you !</span></font></pre></div>