Indeed, that's very nice. I'm actually running OpenSSL built from a branch vduc/hybrids on my server and X25519MLKEM768 seems to work alright.

May I know if you have a plan for FIPS certification for PQC after release?
Cheers,
Kris
On 07/03/2025 04:02, Viktor Dukhovni wrote:
> On Thu, Mar 06, 2025 at 09:01:13PM +0100, Bas Westerbaan wrote:
>> This is indeed fantastic—congratulations!
>> Will X25519MLKEM768 be enabled by default?
>
> Yes, not only enabled, but preferred, with servers sending an HRR when a
> client reports support for X25519MLKEM768, but does not send a
> corresponding keyshare.
>
> Similarly, the most preferred sigalgs are ML-DSA-65, ML-DSA-87, and
> ML-DSA-44. Of course these don't take effect unless the server is
> actually configured with a key+cert of that type.
>
>     $ posttls-finger -Lsummary -c dukhovni.org
>     posttls-finger: Verified TLS connection established
>         to mx1.imrryr.org[144.6.86.210]:25:
>         TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>         key-exchange X25519MLKEM768
>         server-signature ML-DSA-65 (raw public key)
_______________________________________________
TLS mailing list -- tls@ietf.org
To unsubscribe send an email to tls-le...@ietf.org
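The group and signature-algorithm selection behaviour Viktor describes (server prefers X25519MLKEM768 and sends a HelloRetryRequest when the client advertises the group without a key_share; ML-DSA preference only applies when a matching key+cert is configured) can be modelled as the plain RFC 8446 selection rules. The following is an added illustration written for this thread, not OpenSSL code from the branch discussed; the preference lists, the `ClientHello` inputs and the summary text it parses are constructed sample data, and the parser only recognises the two field names that appear in the quoted posttls-finger output.

```python
"""
Hypothetical model of TLS 1.3 server-side group and sigalg selection with
server-preference ordering, plus a small monitor for posttls-finger
summary lines. Not OpenSSL's implementation; all lists below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed server preference lists in the order the thread describes.
SERVER_GROUP_PREFS = ["X25519MLKEM768", "X25519", "secp256r1"]
SERVER_SIGALG_PREFS = ["ML-DSA-65", "ML-DSA-87", "ML-DSA-44",
                       "ecdsa_secp256r1_sha256", "rsa_pss_rsae_sha256"]


@dataclass
class ClientHello:
    supported_groups: List[str]      # groups the client is willing to use
    key_share_groups: List[str]      # groups it already sent key shares for
    signature_algorithms: List[str]  # sigalgs it accepts for the server cert


@dataclass
class GroupDecision:
    group: Optional[str]
    hello_retry_request: bool
    reason: str


def select_group(ch: ClientHello,
                 server_prefs: List[str] = SERVER_GROUP_PREFS) -> GroupDecision:
    """Take the first server-preferred group the client supports.

    If the client omitted a key_share for that group, the server answers
    with a HelloRetryRequest naming it (one extra round trip); the client
    then resends ClientHello with the matching share. This is the RFC 8446
    behaviour the thread refers to as "sending an HRR".
    """
    for group in server_prefs:
        if group not in ch.supported_groups:
            continue
        if group in ch.key_share_groups:
            return GroupDecision(group, False,
                                 "client sent a key_share for the preferred group")
        return GroupDecision(group, True,
                             "preferred group supported but no key_share; send HRR")
    return GroupDecision(None, False, "no mutually supported group; handshake fails")


def select_sigalg(ch: ClientHello,
                  configured_cert_types: List[str],
                  server_prefs: List[str] = SERVER_SIGALG_PREFS) -> Optional[str]:
    """First server-preferred sigalg the client accepts AND for which the
    server has a key+cert configured. Without an ML-DSA certificate the
    ML-DSA preference has no effect, exactly as the thread notes."""
    for alg in server_prefs:
        if alg in ch.signature_algorithms and alg in configured_cert_types:
            return alg
    return None


# Monitoring helper for "posttls-finger -Lsummary" style output: flag whether
# the session used the hybrid PQ group. Only X25519MLKEM768 (the group in the
# thread) is listed; extend the set as other hybrid names are deployed.
PQ_HYBRID_GROUPS = {"X25519MLKEM768"}


def parse_tls_summary(text: str) -> Dict[str, str]:
    """Extract the key-exchange and server-signature fields from summary lines."""
    fields: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        for key in ("key-exchange", "server-signature"):
            if line.startswith(key + " "):
                fields[key] = line[len(key) + 1:].strip()
    return fields


def uses_pq_key_exchange(text: str) -> bool:
    """True when the summary reports a hybrid PQ key exchange."""
    return parse_tls_summary(text).get("key-exchange", "") in PQ_HYBRID_GROUPS


if __name__ == "__main__":
    # Constructed sample: client advertises the hybrid but only sent an
    # X25519 share, the case in which the thread says the server sends an HRR.
    hello = ClientHello(
        supported_groups=["X25519MLKEM768", "X25519"],
        key_share_groups=["X25519"],
        signature_algorithms=["ML-DSA-65", "ecdsa_secp256r1_sha256"],
    )
    print(select_group(hello))
    print(select_sigalg(hello, configured_cert_types=["ecdsa_secp256r1_sha256"]))
    sample = ("key-exchange X25519MLKEM768\n"
              "server-signature ML-DSA-65 (raw public key)\n")
    print(uses_pq_key_exchange(sample))
```

Running the module prints an HRR decision for X25519MLKEM768, falls back to the ECDSA sigalg because no ML-DSA cert is configured, and reports the constructed summary as PQ-protected; feeding it real `posttls-finger -Lsummary` output is a cheap way to verify from the outside that a mail server actually negotiated the hybrid group rather than merely advertising it.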