mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-08 22:50:47 +02:00
c3289f8aa9
* Enable ML-KEM by default in build systems (autoconf and CMake) * Only allow three to-be-standardized hybrid PQ/T combinations by default * Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user does not override that). When Curve25519 is disabled, then either WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as default depending on the ECC configuration * Disable standalone ML-KEM in supported groups by default (enable with --enable-tls-mlkem-standalone) * Disable extra OQS-based hybrid PQ/T curves by default and gate behind --enable-experimental (enable with --enable-extra-pqc-hybrids) * Reorder the SupportedGroups extension to reflect the preferences * Reorder the preferredGroup array to also reflect the same preferences * Add async support for ML-KEM hybrids
28 lines
510 B
Plaintext
28 lines
510 B
Plaintext
# server DTLSv1.3 with post-quantum group
|
|
-u
|
|
-v 4
|
|
-l TLS13-AES256-GCM-SHA384
|
|
--pqc ML_KEM_512
|
|
|
|
# client DTLSv1.3 with post-quantum group
|
|
-u
|
|
-v 4
|
|
-l TLS13-AES256-GCM-SHA384
|
|
--pqc ML_KEM_512
|
|
|
|
# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello.
|
|
|
|
# server DTLSv1.3 with post-quantum group
|
|
-u
|
|
-v 4
|
|
-l TLS13-AES256-GCM-SHA384
|
|
--pqc KYBER_LEVEL1
|
|
|
|
# client DTLSv1.3 with post-quantum group
|
|
-u
|
|
-v 4
|
|
-l TLS13-AES256-GCM-SHA384
|
|
--pqc KYBER_LEVEL1
|
|
|
|
# KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello.
|