RTG-3333 Support X25519MLKEM768 by default, but don't send it as client (#35)

X25519MLKEM768 is the standardised successor of the preliminary
X25519Kyber768Draft00. Latest browsers have switched to X25519MLKEM768.
Cloudflare supports both on the edge.

We've had support for X25519MLKEM768 in this crate for a while, but
didn't enable it by default. We're now enabling server-side support by
default. We also let clients advertise support when set
to kx-client-pq-supported.

We don't enable support by default yet for clients set to
kx-client-pq-preferred, as that would cause an extra round-trip due to
HelloRetryRequest if the server doesn't support X25519MLKEM768 yet.

BoringSSL against which we build must support X25519MLKEM768, otherwise
this will fail.

Co-authored-by: Bas Westerbaan <bas@cloudflare.com>
0x676e67 2025-01-14 22:17:57 +08:00 committed by GitHub
parent 038c5b2105
commit 5da88184f1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 3 deletions


@ -2890,7 +2890,7 @@ impl SslRef {
if cfg!(feature = "kx-client-nist-required") {
"P-256:P-384:P-521:P256Kyber768Draft00"
} else {
"X25519:P-256:P-384:P-521:X25519Kyber768Draft00:P256Kyber768Draft00"
"X25519:P-256:P-384:P-521:X25519MLKEM768:X25519Kyber768Draft00:P256Kyber768Draft00"
}
} else {
if cfg!(feature = "kx-client-nist-required") {
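Review bot: The new client string in the else arm places X25519MLKEM768 fifth, behind X25519, P-256, P-384 and P-521, and nothing in the code says that this position is deliberate. The commit title says the client does not send it while this list does name it, so a reader has to go to the commit message to learn that the intent is to advertise the group without preferring it. Please add a short comment above the literal stating that the hybrid group is listed after the classical groups on purpose, so a later reordering does not silently turn it into the preferred group and bring in the HelloRetryRequest round-trip the message describes. It would also help to note why the kx-client-nist-required arm ("P-256:P-384:P-521:P256Kyber768Draft00") is left without an ML-KEM entry.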
@ -2906,7 +2906,9 @@ impl SslRef {
#[cfg(feature = "kx-safe-default")]
fn server_set_default_curves_list(&mut self) {
self.set_curves_list("X25519Kyber768Draft00:P256Kyber768Draft00:X25519:P-256:P-384")
self.set_curves_list(
"X25519MLKEM768:X25519Kyber768Draft00:P256Kyber768Draft00:X25519:P-256:P-384",
)
.expect("invalid default server curves list");
}
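Review bot: The `.expect("invalid default server curves list")` after the new `set_curves_list(...)` call now panics whenever the linked BoringSSL does not know X25519MLKEM768, and that happens at run time in server setup, not at build time. The commit message acknowledges "this will fail" but the code gives no hint of the cause. Consider naming the likely reason in the expect message (BoringSSL built without X25519MLKEM768), documenting the minimum BoringSSL revision next to the kx-safe-default feature, and adding a test that calls server_set_default_curves_list so an incompatible BoringSSL is caught in CI instead of on first use.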