[gnutls-devel] GnuTLS | Query : PQC support (#1628)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Mon Dec 16 01:48:03 CET 2024
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1628#note_2260242495
Hello Rajib, the PQC algorithms are currently marked as experimental and need to be enabled in multiple places, at build time and run time. You might first want to check whether the group is available by running `src/gnutls-cli --list`. If the X25519Kyber768Draft00 group is available, you will see something like:
```console
Groups: GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, GROUP-GC256B, GROUP-GC512A, GROUP-X448, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, GROUP-FFDHE8192, GROUP-MLKEM768, GROUP-KYBER768, GROUP-SECP256R1-MLKEM768, GROUP-X25519-MLKEM768, GROUP-X25519-KYBER768
```
I would also suggest using X25519MLKEM768 or SecP256r1MLKEM768, which are defined in an active [draft](https://datatracker.ietf.org/doc/draft-kwiatkowski-tls-ecdhe-mlkem/). See the pqc-hybrid-kx.sh [test](https://gitlab.com/gnutls/gnutls/-/blob/5f92e8df5121c4fe4892099240bcbafd679db8ed/tests/pqc-hybrid-kx.sh) for details.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1628#note_2260242495
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241216/34b9f4a6/attachment.html>
More information about the Gnutls-devel
mailing list