prodpaos.governikus-eid.de does not work with TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384is used. The connection attempt fails with Decryption failed (21) after the first encrypted handshake message is sent to the server.
Tests with the same server revealed, that the following cipher suites work just fine:
This problem does not exist with the testserver at https://test.governikus-eid.de/Autent-DemoApplication/. There, the problematic cipher suite is used without any problems.
A build of the Open eCard App using this cipher suite can be found at https://files.ecsec.de/public.php?service=files&t=9d87270f5c9d953568db0640c7b844cb