It's a workaround for the workaround... If TLS 1.3 was explicitly chosen and the PSK callback is set then without this patch the callback is never called since, with TLS 1.3, PSK would only be queried once at the start of a connection. It can now be re-enabled with an environment variable. A new API should be added to address the new requirements of PSK with TLS 1.3: For session resumption the connection MUST use the same hash algorithm as in the original session. For new sessions the hash algorithm must be decided ahead of time, or a default will be used (as defined by the standard). A user can also pass along multiple identity+key pairs and the server will pick one it recognizes. This is not something we can currently do with the preSharedKeyAuthenticationRequired callback. [ChangeLog][Network][QSslSocket][OpenSSL] When using TLS 1.3 we suppress the first callback from OpenSSL about pre-shared keys, as it doesn't conform to the past behavior which preSharedKeyAuthenticationRequired provided. With this update you can opt-out of that workaround by setting the QT_USE_TLS_1_3_PSK environment variable Pick-to: 6.2 6.1 5.15 Task-number: QTBUG-95670 Change-Id: Ia7454bbbf394cbcb859de333b371d0890b42a1c3 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>