> On 21 Aug 2023, at 06:36, Gentry Deng via nginx <nginx@nginx.org> wrote:
>
> Hello there,
>
>
>
> Chrome will begin supporting X25519Kyber768 for establishing symmetric
> secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome
> 115. Cloudflare, the world's leading CDN provider, has been supporting Hybrid
> Kyber KEM since last year.
>
> I would like to know if nginx with BoringSSL can support
> X25519Kyber768Draft00?
>
It does, you can test it with BoringSSL itself.
ssl_ecdh_curve prime256v1:X25519Kyber768Draft00;
server {
listen 8443 ssl;
server_name localhost;
return 200 "$ssl_curve\n";
}
$ printf "GET / HTTP/1.0\n\n" | ./install/bin/bssl client -connect 127.1:8443
-curves X25519Kyber768Draft00
Connecting to 127.0.0.1:8443
Connected.
Version: TLSv1.3
Resumed session: no
Cipher: TLS_AES_128_GCM_SHA256
ECDHE group: X25519Kyber768Draft00
Signature algorithm: rsa_pss_rsae_sha256
Secure renegotiation: yes
Extended master secret: yes
Next protocol negotiated:
ALPN protocol:
OCSP staple: no
SCT list: no
Early data: no
Encrypted ClientHello: no
Cert subject: CN = localhost
Cert issuer: CN = localhost
HTTP/1.1 200 OK
Server: nginx/1.25.2
Date: Mon, 21 Aug 2023 14:58:40 GMT
Content-Type: text/plain
Content-Length: 23
Connection: close
X25519Kyber768Draft00
--
Sergey Kandaurov
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
