Key Exchange Method
Pre-shared Key (PKS)
The pre-shared key
[124] key exchange
[467] algorithms provide secure communication by establishing the key exchange based on symmetric key
[193][194][195]s that are shared in advance among the communicating parties. Algorithm is especially suitable for performance-constrained environments, but there are weaknesses
[481][482][483]. Pre-shared keys must be long and random to be secure. Pre-shared keys with low entropy
[380], may caused by a weakness
[359][360][361] of random number generator
[1][2][3], can be easily broken in brute-force attack
[555]. PSK key exchange has no forward secrecy
[135][136][137][138], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted. Leading client applications do not use this algorithm. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry.
Recommendations
Always prefer cipher suites with PFS property over the non-PFS ones. If your application or requirements specifically call for the use of algorithms which are not used by the leading client applications set the cipher suite order explicitly and cipher suites used by the leading client applications be preferred over the ones which do not used by them.