diff --git a/u_common.go b/u_common.go
index 21da7a6..fd21556 100644
--- a/u_common.go
+++ b/u_common.go
@@ -200,7 +200,8 @@ func (chs *ClientHelloSpec) ReadTLSExtensions(b []byte, keepPSK, allowBluntMimic
 		}
 
 		if extension == extensionPreSharedKey && !keepPSK {
-			continue // skip PSK, this will result in fingerprint change!!!!
+			return fmt.Errorf("PSK extension is not allowed unless keepPSK is set")
+			// continue // skip PSK, this will result in fingerprint change!!!!
 		}
 
 		extWriter := ExtensionIDToExtension(extension)
diff --git a/u_fingerprinter_test.go b/u_fingerprinter_test.go
index 0f761aa..90f8b07 100644
--- a/u_fingerprinter_test.go
+++ b/u_fingerprinter_test.go
@@ -514,10 +514,8 @@ func TestUTLSFingerprintClientHelloKeepPSK(t *testing.T) {
 	}
 
 	for _, ext := range generatedSpec.Extensions {
-		if genericExtension, ok := (ext).(*GenericExtension); ok {
-			if genericExtension.Id == extensionPreSharedKey {
-				return
-			}
+		if _, ok := (ext).(*PreSharedKeyExtension); ok {
+			return
 		}
 	}
 	t.Errorf("generated ClientHelloSpec with KeepPSK does not include preshared key extension")