This is great news

On Thu, Mar 6, 2025, 11:05 PM Viktor Dukhovni <ietf-d...@dukhovni.org>
wrote:

> On Thu, Mar 06, 2025 at 09:01:13PM +0100, Bas Westerbaan wrote:
>
> > This is indeed fantastic—congratulations!
> >
> > Will X25519MLKEM768 be enabled by default?
>
> Yes, not only enabled, but preferred, with servers sending an HRR when a
> client reports support for X25519MLKEM768, but does not send a
> corresponding keyshare.
>
> Similarly, the most preferred sigalgs are ML-DSA-65, ML-DSA-87, and
> ML-DSA-44.  Of course these don't take effect unless the server is
> actually configured with a key+cert of that type.
>
>     $ posttls-finger -Lsummary -c dukhovni.org
>     posttls-finger: Verified TLS connection established
>         to mx1.imrryr.org[144.6.86.210]:25:
>         TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
>         key-exchange X25519MLKEM768
>         server-signature ML-DSA-65 (raw public key)
>
> --
>     Viktor.
>
> $ openssl s_server -accept [::1]:12345 -cert ./apps/server.pem -naccept 1
> -groups x25519mlkem768/x25519 -trace
> [ ... Client runs: openssl s_client -connect [::1]:12345 -groups
> x25519:X25519MLKEM768 -brief ... ]
> Received TLS Record
> Header:
>   Version = TLS 1.0 (0x301)
>   Content Type = Handshake (22)
>   Length = 287
>     ClientHello, Length=283
>       ...
>       extensions, length = 150
>         ...
>         extension_type=supported_groups(10), length=6
>           ecdh_x25519 (29)
>           X25519MLKEM768 (4588)
>         ...
>         extension_type=key_share(51), length=38
>             NamedGroup: ecdh_x25519 (29)
>             key_exchange:  (len=32): ...
>
> Sent TLS Record
> Header:
>   Version = TLS 1.2 (0x303)
>   Content Type = Handshake (22)
>   Length = 88
>     ServerHello, Length=84
>       server_version=0x303 (TLS 1.2)
>       Random:
>         gmt_unix_time=0xCF21AD74
>         random_bytes (len=28): ...
>       session_id (len=32): ...
>       cipher_suite {0x13, 0x02} TLS_AES_256_GCM_SHA384
>       compression_method: No Compression (0x00)
>       extensions, length = 12
>         extension_type=supported_versions(43), length=2
>             TLS 1.3 (772)
>         extension_type=key_share(51), length=2
>             NamedGroup: X25519MLKEM768 (4588)
>
> Sent TLS Record
> Header:
>   Version = TLS 1.2 (0x303)
>   Content Type = ChangeCipherSpec (20)
>   Length = 1
>     change_cipher_spec (1)
>
> Received TLS Record
> Header:
>   Version = TLS 1.2 (0x303)
>   Content Type = ChangeCipherSpec (20)
>   Length = 1
>     change_cipher_spec (1)
>
> Received TLS Record
> Header:
>   Version = TLS 1.2 (0x303)
>   Content Type = Handshake (22)
>   Length = 1471
>     ClientHello, Length=1467
>       client_version=0x303 (TLS 1.2)
>       ...
>       extensions, length = 1334
>         ...
>         extension_type=supported_groups(10), length=6
>           ecdh_x25519 (29)
>           X25519MLKEM768 (4588)
>         ...
>         extension_type=key_share(51), length=1222
>             NamedGroup: X25519MLKEM768 (4588)
>             key_exchange:  (len=1216): ...
>
> ...
>
> _______________________________________________
> TLS mailing list -- tls@ietf.org
> To unsubscribe send an email to tls-le...@ietf.org
>
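The trace above shows the behaviour Viktor describes: the first ClientHello lists both ecdh_x25519 and X25519MLKEM768 in supported_groups but carries only a 32-byte x25519 key_share, so a server that prefers X25519MLKEM768 answers with a HelloRetryRequest (rendered by `-trace` as a ServerHello whose Random begins 0xCF21AD74, the SHA-256("HelloRetryRequest") value RFC 8446 reserves for HRR) naming only the group it wants, and the client's second flight carries the 1216-byte hybrid share (ML-KEM-768 encapsulation key, 1184 bytes, followed by the X25519 public key, 32 bytes). The following Python is an added illustration, not code from the thread or from OpenSSL: it parses the two extensions, reproduces the server's preference-driven accept/HRR/fail decision, and checks the HRR Random. The function names, the `CLIENT_SHARE_LEN` table and the extension bytes it builds are this example's own constructions.

```python
"""Model a TLS 1.3 server's reaction to the groups a ClientHello offers.

Added illustration (not OpenSSL code): supported_groups(10) and key_share(51)
are parsed from a constructed extensions vector, then the server's preference
list decides between accepting a share, sending HelloRetryRequest (HRR) for a
preferred group the client supports but did not share, or failing.
"""
import hashlib
import struct

# NamedGroup code points as shown in the trace (IANA TLS Supported Groups).
X25519 = 29
X25519MLKEM768 = 4588

# Expected client key_exchange sizes: X25519 public key (32 bytes); for the
# hybrid, ML-KEM-768 encapsulation key (1184) + X25519 public key (32).
CLIENT_SHARE_LEN = {X25519: 32, X25519MLKEM768: 1216}

# RFC 8446 s4.1.3: an HRR is a ServerHello whose Random is SHA-256("HelloRetryRequest").
HRR_RANDOM = hashlib.sha256(b"HelloRetryRequest").digest()


def parse_extensions(blob: bytes) -> dict:
    """Parse a TLS extensions vector; decode supported_groups(10) and key_share(51)."""
    (total,) = struct.unpack("!H", blob[:2])
    pos, end = 2, 2 + total
    out = {"supported_groups": [], "key_share": {}}
    while pos < end:
        ext_type, ext_len = struct.unpack("!HH", blob[pos:pos + 4])
        body = blob[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == 10:                      # NamedGroupList
            (n,) = struct.unpack("!H", body[:2])
            out["supported_groups"] = list(struct.unpack("!%dH" % (n // 2), body[2:2 + n]))
        elif ext_type == 51:                    # KeyShareClientHello
            (n,) = struct.unpack("!H", body[:2])
            q, stop = 2, 2 + n
            while q < stop:
                group, klen = struct.unpack("!HH", body[q:q + 4])
                out["key_share"][group] = body[q + 4:q + 4 + klen]
                q += 4 + klen
    return out


def choose_group(server_prefs, client_hello):
    """Return ('accept', g), ('hrr', g) or ('fail', None) for a parsed ClientHello."""
    supported = client_hello["supported_groups"]
    shares = client_hello["key_share"]
    for g in server_prefs:                      # server preference order decides
        if g not in supported:
            continue
        if g in shares:
            if len(shares[g]) != CLIENT_SHARE_LEN.get(g, len(shares[g])):
                return ("fail", None)           # wrong-sized share for this group
            return ("accept", g)
        return ("hrr", g)                       # supported but not shared: ask for it
    return ("fail", None)                       # no overlap with client's groups


def is_hrr(server_hello_random: bytes) -> bool:
    """The trace prints an HRR as a ServerHello; its fixed Random gives it away."""
    return server_hello_random == HRR_RANDOM


def build_extensions(groups, shares):
    """Construct a ClientHello extensions vector (demo input, not a captured one)."""
    sg = struct.pack("!H", 2 * len(groups)) + b"".join(struct.pack("!H", g) for g in groups)
    ks_entries = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in shares.items())
    ks = struct.pack("!H", len(ks_entries)) + ks_entries
    exts = struct.pack("!HH", 10, len(sg)) + sg + struct.pack("!HH", 51, len(ks)) + ks
    return struct.pack("!H", len(exts)) + exts


SERVER_PREFS = [X25519MLKEM768, X25519]

# First flight as in the trace: both groups offered, only a 32-byte x25519 share.
FIRST_CH = parse_extensions(build_extensions([X25519, X25519MLKEM768], {X25519: b"\x01" * 32}))
# Second flight after HRR: the 1216-byte X25519MLKEM768 share.
SECOND_CH = parse_extensions(build_extensions([X25519, X25519MLKEM768], {X25519MLKEM768: b"\x02" * 1216}))

if __name__ == "__main__":
    print(choose_group(SERVER_PREFS, FIRST_CH))    # ('hrr', 4588)
    print(choose_group(SERVER_PREFS, SECOND_CH))   # ('accept', 4588)
    print(HRR_RANDOM[:4].hex())                    # cf21ad74
```

The constructed extension bodies come out at the same lengths the trace reports (supported_groups 6 bytes, key_share 38 bytes in the first flight and 1222 in the second), which is a quick sanity check that the parser and the trace agree on the wire layout. A server that did not prefer the hybrid group would simply accept the x25519 share in the first flight and the extra round trip would never occur.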